path: root/roles
diff options
authorLars Wirzenius <>2018-11-06 11:02:17 +0200
committerLars Wirzenius <>2018-11-06 11:02:17 +0200
commitbb35abf58580f570829ba4d3e56eeaf61e2e8a9e (patch)
treee491ac03430023ba47cdd77c7272a4a3152b48cc /roles
parentfc12b854b1ed1b9e9d1c890998c1e294269c6a58 (diff)
Fix: recreate haproxy.pem in cron job
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file.
Diffstat (limited to 'roles')
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index a7854fb..8129482 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -38,6 +38,17 @@
(cd /etc/letsencrypt/live/haproxy; cat fullchain.pem privkey.pem) \
> /etc/ssl/haproxy.pem
+- name: "install daily cron job to create haproxy.pem"
+ copy:
+ content: |
+ #!/bin/sh
+ cd /etc/letsencrypt/live/haproxy
+ cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
+ dest: /etc/cron.daily/haproxy.pem
+ owner: root
+ group: root
+ mode: 0755
- name: install haproxy
name: haproxy