I have been using letsencrypt for the better part of the last year - it has been great. I have been slowly trying to increment this towards automation.
I am using DNS challenge with SAN certs for the bulk of our domains and then generating a haproxy-specific cert. In addition, we are starting to use this with GCP load balancers, which take a similar cert. It all works pretty well, but I have a few questions on smoothing this out a bit.
- Even with the “agree-tos” flag set (see below), I still get asked if it is OK to log my IP. How do I auto-answer that question?
My full update looks like this:
certbot-auto --agree-tos -m firstname.lastname@example.org --manual --preferred-challenges dns certonly --cert-name xxx_SAN_cert -d xxx.com,c.xxx.com,cdn.xxx.com,www.xxx.com
When I generate the haproxy cert, I do this:
cat fullchain.pem privkey.pem > /etc/ansible/vault_vars/ssl_keys/xxx_cert
Thank you for any advice on how to do this better.