Certbot's autorenewal depends on those other supporting files. You will need to get a new certificate using Certbot, but you can do it without any downtime.
Step 1: Prepare haproxy so that we can use Certbot with it.
Add this backend to your configuration (Certbot will use this port):
backend certbot
    server certbot 127.0.0.1:402
and also add this rule to your frontend, so that Let's Encrypt's validation requests will be forwarded to Certbot:
acl is_letsencrypt_request path_beg /.well-known/acme-challenge/
use_backend certbot if is_letsencrypt_request
Reload haproxy (without restart, no downtime).
Step 2: Create a deploy hook to automatically perform the concatenation and deployment:
You can save this as
#!/bin/sh
# Certbot sets RENEWED_LINEAGE to the live directory of the renewed certificate.
cat "$RENEWED_LINEAGE/fullchain.pem" "$RENEWED_LINEAGE/privkey.pem" > "$RENEWED_LINEAGE/haproxy.pem"
service haproxy reload
and give it appropriate permissions:
chmod 0755 /etc/letsencrypt/deploy-haproxy.sh
Step 3: Finally, create the certificate:
certbot certonly --standalone --http-01-port 402 \
--deploy-hook /etc/letsencrypt/deploy-haproxy.sh \
-d example.com -d www.example.com
Assuming that succeeds, you can now change your haproxy configuration to use
/etc/letsencrypt/live/example.com/haproxy.pem and reload it. Renewals will be done automatically.
This covers all the steps you need to go from nothing to automated haproxy renewals, without causing haproxy downtime. You can make adjustments for your environment where necessary.
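A hardened variant of the Step 2 deploy hook, as an added example that is not part of the original post: it builds haproxy.pem through a temporary file so the combined key file is created with mode 0600 and replaced atomically, and it checks the haproxy configuration before reloading. The function names and the HAPROXY_CFG path are assumptions; adjust them for your system.

```shell
#!/bin/sh
# Added example: hardened deploy hook. Certbot sets RENEWED_LINEAGE for deploy
# hooks; HAPROXY_CFG is an assumed path, and the function names are hypothetical.
HAPROXY_CFG="${HAPROXY_CFG:-/etc/haproxy/haproxy.cfg}"

# build_haproxy_pem LINEAGE_DIR
# Writes LINEAGE_DIR/haproxy.pem (fullchain + private key) atomically.
build_haproxy_pem() {
    lineage="$1"
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"
    out="$lineage/haproxy.pem"

    # Leave the current haproxy.pem alone if either input looks wrong.
    [ -s "$chain" ] && [ -s "$key" ] || { echo "missing input in $lineage" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" \
        || { echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" \
        || { echo "no private key in $key" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the private key is never
    # readable by other users, whatever the caller's umask is.
    tmp=$(mktemp "$out.XXXXXX") || return 1

    # Write next to the target, then rename over it: a reload never sees a
    # half-written PEM, and a failed write leaves the old file in place.
    if cat "$chain" "$key" > "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy: rebuild the PEM, validate the configuration, then reload.
deploy() {
    build_haproxy_pem "$RENEWED_LINEAGE" || return 1
    haproxy -c -f "$HAPROXY_CFG" >/dev/null \
        || { echo "haproxy config check failed, not reloading" >&2; return 1; }
    service haproxy reload
}

# Run only when Certbot invokes the hook (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy
fi
```

If the configuration check fails, the hook exits non-zero without reloading, so haproxy keeps serving with the certificate it already has loaded.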