Hacker News
by stephenr 3171 days ago
I use HAProxy + Certbot too (with a certbot "hook" script that builds the .pem for HAProxy AND downloads the OCSP staples from LE).

As a bonus, you can have zero downtime renewals and use the TLS-SNI challenge, rather than relying on the "it's probably safe but it still feels wrong" http challenge.
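
A hook of the kind the comment describes could look like the following. This is an added example, not stephenr's script: `HAPROXY_CERT_DIR`, the function names and the `systemctl reload haproxy` command are assumptions, while `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example (not the commenter's script): a certbot --deploy-hook for HAProxy.
# certbot sets RENEWED_LINEAGE to the renewed live/ directory.
# Assumed: HAPROXY_CERT_DIR and the reload command at the bottom.
set -eu
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

# HAProxy wants one file: certificate chain followed by the private key.
# Write to a temp file, then rename, so HAProxy never loads a partial PEM.
build_haproxy_pem() {
    bhp_src="$1"; bhp_out="$2"
    [ -s "$bhp_src/fullchain.pem" ] || return 1
    [ -s "$bhp_src/privkey.pem" ] || return 1
    bhp_tmp="$(mktemp "$bhp_out.XXXXXX")"   # mktemp creates the file mode 0600
    cat "$bhp_src/fullchain.pem" "$bhp_src/privkey.pem" > "$bhp_tmp"
    mv -f "$bhp_tmp" "$bhp_out"
}

# HAProxy staples the response stored as "<pem>.ocsp" next to the certificate.
# No OCSP URI in the certificate, a failed fetch, or a status other than
# "good" leaves any existing staple untouched.
fetch_ocsp_staple() {
    fos_src="$1"; fos_pem="$2"
    fos_url="$(openssl x509 -noout -ocsp_uri -in "$fos_src/cert.pem")"
    [ -n "$fos_url" ] || return 1
    fos_tmp="$(mktemp "$fos_pem.ocsp.XXXXXX")"
    if openssl ocsp -no_nonce -issuer "$fos_src/chain.pem" \
            -cert "$fos_src/cert.pem" -url "$fos_url" \
            -respout "$fos_tmp" 2>/dev/null | grep -q ': good$' \
            && [ -s "$fos_tmp" ]; then
        mv -f "$fos_tmp" "$fos_pem.ocsp"
    else
        rm -f "$fos_tmp"; return 1
    fi
}

# Run only when certbot invokes the hook (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pem="$HAPROXY_CERT_DIR/$(basename "$RENEWED_LINEAGE").pem"
    build_haproxy_pem "$RENEWED_LINEAGE" "$pem"
    fetch_ocsp_staple "$RENEWED_LINEAGE" "$pem" || echo "no OCSP staple for $pem" >&2
    systemctl reload haproxy   # assumed service manager; old process drains its connections
fi
```

The combined PEM contains the private key, so the directory it lands in should be readable only by the account HAProxy starts as.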