Renew existing certbot/apache cert with acme.sh for haproxy

I have multiple web servers behind an HAProxy working with a Let's Encrypt certificate that was created with Certbot/Apache (https://mydomain.com).
Now I have already created a cert with acme.sh (otherdomain.com). I would like to know the best way to renew the mydomain.com certificate, which was created with Certbot, but now with acme.sh.

The operating system: Ubuntu server 22.04
Load balancer: HAProxy 2.8.2
acme version: 3.0.7

Thanks in advance

1 Like

Hi @rufhair, and welcome to the LE community forum :)

In short: You can't RENEW a cert that was generated with one ACME client via another ACME client.
You can: Stop using the first ACME client and start using the second ACME client [for same domains].
The second ACME client will know nothing about the first and thus must start fresh.
You can use it to obtain a new cert as normal and go from there.

5 Likes

That said, doesn't haproxy have its own method of obtaining certs?

4 Likes

Ok I got it. Thanks for your help.

1 Like

What we used to do to renew certificates with certbot was:

  • Stop haproxy service
  • Start apache Port80
  • Certbot renewal
  • Stop apache Port80
  • Start haproxy service

Now with acme.sh I don't have to restart services.
There used to be an option like --http-01-port 8080 for renewing without restarting the service, but last time I tried on the HAProxy load balancer, I found that those options were not available anymore.

I'm pretty sure certbot can do that too.

  --http-01-port HTTP01_PORT
                        Port used in the http-01 challenge. This only affects
                        the port Certbot listens on. A conforming ACME server
                        will still attempt to connect on port 80. (default:
                        80)

See: User Guide — Certbot 2.6.0 documentation (eff-certbot.readthedocs.io)

3 Likes
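
The `--http-01-port` approach from the last reply, as an added example that is not part of the thread: HAProxy keeps port 80 and forwards only ACME challenge requests to Certbot on 8080, and a deploy hook builds the combined PEM that HAProxy loads. The backend name, the hook path and the `/etc/haproxy/certs` directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout, adjust to your host.
#   HAProxy keeps port 80 and forwards only ACME challenges to Certbot:
#     frontend http-in
#         bind :80
#         acl is_acme path_beg /.well-known/acme-challenge/
#         use_backend certbot if is_acme
#     backend certbot
#         server certbot 127.0.0.1:8080
#   Renewal with HAProxy still running (hook path is hypothetical):
#     certbot certonly --standalone --http-01-port 8080 -d mydomain.com \
#         --deploy-hook /usr/local/sbin/haproxy-deploy.sh

# HAProxy reads the certificate chain and the private key from one PEM file.
# Usage: build_haproxy_pem LINEAGE_DIR OUT_FILE
build_haproxy_pem() {
    lineage=$1
    out=$2
    [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    }
    # Write to an owner-only temp file next to the target, then rename, so
    # HAProxy never loads a half-written file and the key is never
    # world-readable.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    chmod 600 "$tmp"
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook, so the script
# does nothing when started outside of a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pem_dir=${HAPROXY_PEM_DIR:-/etc/haproxy/certs}   # assumed directory
    build_haproxy_pem "$RENEWED_LINEAGE" \
        "$pem_dir/$(basename "$RENEWED_LINEAGE").pem" \
        && systemctl reload haproxy
fi
```

A reload, unlike the stop/start sequence listed earlier in the thread, lets HAProxy pick up the new file without dropping the listener.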
