Solution for Let's Encrypt and HAProxy


I guess i am not the only one wondering about how to issue/renew certificates for domains served by HAProxy without having to take HAProxy offline while running LE in standalone mode.

Since i can’t afford any downtime on my load-balancers i wrote a Lua plugin for HAProxy that enables http-01 domain validations against running HAProxy instances.

HAProxy ACME validation plugin introduces HAProxy compatibility for Let’s Encrypt’s “webroot” method.

Feedback welcome!


I reported a question as an issue on your repo since I didn’t remember how I found it. Should have asked here of course - too many browser tabs :slight_smile:


So basically this makes HAProxy answer the request directly via a small web server in LUA, correct?