This repository has been archived by the owner on Jun 18, 2024. It is now read-only.

Automating renewal? #4

Open
mdeneen opened this issue Feb 23, 2020 · 3 comments

@mdeneen

mdeneen commented Feb 23, 2020

First of all, I really like this method of renewing certificates and the acme v2 client works great. When something goes wrong, though, it can be a bit difficult to handle and you end up with unexpected output in the pem file.

I ran the curl command, validated the entries, and life was good. Five minutes later I ran the same command and it issued new certificates. This is something that will surely get me in trouble if I placed it in a cron job.

Is there a recommended practice here?

@anezirovic
Contributor

Hello, thanks for reporting the usability issues. We probably want to detect already issued certs, so it doesn't request a new cert every time you run the commands. For now, you'd need to check the cert file on disk yourself (with the openssl command), and decide whether to request a new cert.

  • There is some pending work with haproxy-lua-acme, since starting with HAProxy 2.1 we have options for handling certs (see CLI options like `show ssl cert`, `set ssl cert`, etc.)
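One way to do the on-disk check suggested in the comment above before a cron job requests anything. This is an added example, not part of the thread or the project's code; the function name `needs_renewal`, the day threshold and the stand-alone usage are assumptions.

```shell
#!/bin/sh
# needs_renewal PEM_FILE DAYS   (hypothetical helper, not from haproxy-lua-acme)
# Returns 0 (renew) when the file is missing, empty, does not parse as a
# certificate, or expires within DAYS days. Returns 1 (keep) otherwise.
needs_renewal() {
    pem=$1
    days=$2

    # Missing or empty file: nothing usable on disk, so request a cert.
    [ -s "$pem" ] || return 0

    # A failed run can leave unexpected output in the pem file, so confirm
    # that it parses as a certificate before trusting its dates.
    # openssl reads the first certificate it finds in the file.
    openssl x509 -in "$pem" -noout 2>/dev/null || return 0

    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout \
        -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone use: ./check.sh PEM_FILE DAYS
# Exit status 0 means "request a new certificate", so a cron entry can run
# the renewal request only when this check succeeds.
if [ "$#" -eq 2 ]; then
    needs_renewal "$1" "$2"
    exit $?
fi
```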

@github-tomster

Any news on that?

@ieugen

ieugen commented Jan 7, 2022

Looking at this in 2022.
I wonder how hard it would be to merge this functionality with HashiCorp Consul (via API) or HashiCorp Vault.
