14 lines
506 B
Django/Jinja
14 lines
506 B
Django/Jinja
#!/bin/bash
|
|
# renew cert if required and copy to haproxy destination
|
|
|
|
{{ haproxy_ssl_letsencrypt_venv }}/bin/certbot renew \
|
|
--standalone \
|
|
--pre-hook "systemctl stop haproxy" \
|
|
|
|
{% for vip in [ haproxy_bind_external_lb_vip_address ] + extra_lb_tls_vip_addresses %}
|
|
cat /etc/letsencrypt/live/{{ haproxy_bind_external_lb_vip_address }}/{fullchain,privkey}.pem \
|
|
> {{ haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ vip ~ '.pem' }}
|
|
{% endfor %}
|
|
|
|
systemctl reload haproxy
|