Yes, very much so. Almost everything in that script is something certbot (and letsencrypt before it) already does. As to creating the combined file and putting it in the right place, check out the certbot docs on the --deploy-hook flag. It could be as simple as --deploy-hook "cat fullchain.pem privkey.pem > domain.pem && service haproxy reload", or you could write a small script to accomplish only those two things and use --deploy-hook /path/to/script. But whichever way you do it, you’d only need to enter that option the first time you obtain the cert. For that, you’d do (adding whatever other options are needed)
certbot certonly --agree-tos --standalone --http-01-port 54321 -d blah -d blah --deploy-hook /path/to/hook
Once certbot obtains the cert, all those options are saved. Your renew cronjob, then, just needs to look like
3 */12 * * * root /usr/bin/certbot renew -q
There may be other ways around this (like using DNS validation), but that’s easy enough to understand; I figured it was something along those lines.
…but this shouldn’t happen–all the options should be saved in the renewal .conf file.
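A sketch of the small hook script mentioned in the post above, as an added example that is not part of the original post or of certbot itself. It relies on the RENEWED_LINEAGE variable that certbot exports to deploy hooks; the HAPROXY_CERT_DIR location and the build_combined_pem function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: certbot deploy hook that builds HAProxy's combined PEM.
# RENEWED_LINEAGE is set by certbot to the live/<name> directory of the
# renewed certificate. HAPROXY_CERT_DIR is an assumed path; adjust it.

HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

# build_combined_pem LINEAGE_DIR OUT_FILE  (hypothetical helper name)
# Writes fullchain.pem + privkey.pem to OUT_FILE. The private key is never
# written with loose permissions, and OUT_FILE is replaced atomically so
# HAProxy cannot pick up a half-written file.
build_combined_pem() {
    lineage=$1
    out=$2

    # Refuse to continue if either input is missing or empty.
    [ -s "$lineage/fullchain.pem" ] || { echo "missing $lineage/fullchain.pem" >&2; return 1; }
    [ -s "$lineage/privkey.pem" ] || { echo "missing $lineage/privkey.pem" >&2; return 1; }

    # Temp file in the destination directory, so mv is a rename on one
    # filesystem. mktemp creates it readable by the owner only.
    tmp=$(mktemp "$out.XXXXXX") || return 1

    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$out"; then
        return 0
    fi

    # Clean up on any failure so no partial key material is left behind.
    rm -f "$tmp"
    return 1
}

# Only act when certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    name=$(basename "$RENEWED_LINEAGE")
    # Reload HAProxy only if the combined file was written successfully.
    build_combined_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR/$name.pem" \
        && service haproxy reload
fi
```

Saved as an executable file and passed once via --deploy-hook /path/to/hook, it runs only after a certificate is actually obtained or renewed.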