When the ACME plugin in OPNsense renews certificates every 90 days, every service that relies on those certificates (HAProxy) needs a restart. It is therefore very convenient that this can be handled by an "automation" that runs directly as part of the certificate renewal.

All BSDbox.de articles that use HAProxy have been extended with this function.
It is described here only briefly, as a completely separate article:

A new entry is created under "Services / ACME Client / Automations".

  • Name: Restart HAProxy
  • Run Command: Restart HAProxy

Then go to "Services / ACME Client / Certificates" and edit your entry that creates the certificates:

There you will find an automation field at the bottom where you can enter the "Restart HAProxy" you created earlier.

This means that every time a certificate is renewed, HAProxy is also restarted and then always works with the latest certificate.
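
To confirm after a renewal that the automation actually took effect, you can compare the fingerprint of the certificate on disk with the one HAProxy presents on its listener. The script below is an added example and not part of the original article; the certificate file path, hostname and port are arguments you supply yourself, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check that HAProxy serves the certificate that was last issued.
# Usage: sh check_cert.sh <cert.pem> <host> [port]
# Certificate path, host and port are operator-supplied (assumptions, not OPNsense defaults).

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file; empty on error.
fp_file() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate presented by host:port (SNI = host).
fp_served() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare two fingerprints: 0 = identical, 1 = different (stale), 2 = one side unreadable.
compare_fp() {
    if [ -z "$1" ] || [ -z "$2" ]; then return 2; fi
    if [ "$1" = "$2" ]; then return 0; fi
    return 1
}

# Full check: certificate file versus what the listener presents.
check_haproxy_cert() {
    disk=$(fp_file "$1")
    live=$(fp_served "$2" "${3:-443}")
    rc=0
    compare_fp "$disk" "$live" || rc=$?
    case $rc in
        0) echo "OK: HAProxy serves the certificate on disk ($disk)" ;;
        1) echo "STALE: on disk $disk, served $live (restart did not take effect)" ;;
        *) echo "ERROR: could not read the certificate from the file or the listener" ;;
    esac
    return $rc
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    check_haproxy_cert "$@"
fi
```

A non-zero exit code makes the script usable in a cron job or monitoring check: 1 means HAProxy is still serving the old certificate, 2 means the file or the listener could not be read.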

If you find this content valuable and useful, I'd be happy to receive feedback via Matrix, or follow me on Mastodon.
