lets-encrypt | php wrapper for the let 's encrypt SSL certificate signing | TLS library

Having deployed an EKS 1.21 cluster using CDK, then using https://cert-manager.io/docs/installation/ as a guide, I have attempted to install cert-manager with the end goal of using Let's Encrypt certificates for TLS-enabled services.

Creating IAM policies in my Stack's code:

I deployed an multicontainer application with Mautic behind a Traefik reverse proxy. However, I am getting a "Gateway timeout".

The reverse proxy's configuration seems OK as other containers within the application work fine.

I also changed the mautic settings to the mautics domain name.

Any idea?

docker-compose.yml

I'm trying to deploy a docker container to my Kubernetes cluster, but I'm running into an issue with passing the required command-line arguments to the container. I need to pass two arguments called --provider local and --basedir /tmp. Here is what the docker run command looks like (I can run this without any issues on my docker host):

Looking at the instructions here: https://certbot.eff.org/lets-encrypt/ubuntubionic-haproxy

I'm in a situation where I have 2 HaProxy instances, each in a docker container, on different machines. The domain names are the same. This is done for redundancy purposes.

Googling "multiple letsencrypt" or "multiple certbot" just leads to solutions for creating certificates for many domains at the same time.

This is good for subdomains, but it doesn't explain what I'm expected to do if I have more than 1 server running haproxy.

Run certbot on 1 server only, then copy the file over? If so, what about renewing the certificate? Can it no longer be automated?

Also, because of urls, certain subdomains will go to one server or the other. But both must be able to serve all the urls.

Or does this situation call for a different approach entirely? Should I use the manual mode, generate the certificates, and then update them manually?

Thanks for any help.

I have a Java application that references my letsencrypt cert.pem and privkey.pem file to secure a backend API. The files were generated by certbot by following this guide.

My application complains that the files do not exist, when they actually do. Which brings me to the conclusion that the Linux user that runs the application does not have access to the files.

I have tried various commands to grant myself access to the files but none have worked.

Here are the following commands I have tried:

I'm trying to set up geoserver and traefik with docker, but having an issue with the paths.

Geoserver's main entrypoint is at /geoserver, but I want to make it accessible at the root path of my domain, let's say example.com. Here's the docker-compose file I put together:

I am running an old version of certbot on ubuntu 14.04 and have to upgrade since that version is not supported anymore. And it looks like newer versions of certbot is not supported on 14.04 anymore.

Certbot is installed on the loadbalancer server. Haproxy handles the routing of acme traffic and other web traffic. The web servers and database server are on different machines.

Since we have a lot of websites in that certificate, I don't want to mess things up :)

What I am afraid of is that I might run into problems along the way and then I want to be able to use my current (still not expired) certificate.

My plan is to first update ubuntu from 14.04 to 16.04, then 16.04 to 18.04, then 18.04 to 20.04. And then I will install a new version of certbot. (Perhaps using snap since that is recommended on the certbot webpage https://certbot.eff.org/lets-encrypt/ubuntufocal-haproxy)

So my question is basically, can I keep a copy of the certificate and use it as long as it not expired? I am afraid that in the renewal process, it might be revoked. And I don't want that.

Thanks in advance!

My problem is self assigned cert instead of lets-encrypt cert
docker-compose.yml:

I am trying to follow this tutorial to create certificates in Azure for a custom domain. I have the same issue as Marc:

However, I have set access to DNS Zone already:

Could the problem be that is it a custom Domain? If so any workaround, if not anything else to check?