scripts/host-renew-certificates.sh

#!/usr/bin/env bash

# Host-side Certificate Renewal Script
# Run this from the host machine via cron to trigger certificate renewal inside the container

set -e

# Configuration
CONTAINER_NAME="${CONTAINER_NAME:-haproxy-manager}"
LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager-host-renewal.log}"

# Logging
log_info() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*" | tee -a "$LOG_FILE"
}

log_error() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" | tee -a "$LOG_FILE"
}

log_info "Starting certificate renewal"

# Check if container is running
if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
    log_error "Container '${CONTAINER_NAME}' is not running"
    exit 1
fi

# Run renewal script inside container
if docker exec "$CONTAINER_NAME" /haproxy/scripts/renew-certificates.sh; then
    log_info "Certificate renewal completed"
    exit 0
else
    log_error "Certificate renewal failed"
    exit 1
fi
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00			`#!/usr/bin/env bash`

			`# Host-side Certificate Renewal Script`
Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`# Run this from the host machine via cron to trigger certificate renewal inside the container`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00
			`set -e`

Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`# Configuration`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00			`CONTAINER_NAME="${CONTAINER_NAME:-haproxy-manager}"`
			`LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager-host-renewal.log}"`

Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`# Logging`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00			`log_info() {`
			`echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*" \| tee -a "$LOG_FILE"`
			`}`

			`log_error() {`
			`echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" \| tee -a "$LOG_FILE"`
			`}`

Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`log_info "Starting certificate renewal"`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00
			`# Check if container is running`
			`if ! docker ps --format '{{.Names}}' \| grep -q "^${CONTAINER_NAME}$"; then`
			`log_error "Container '${CONTAINER_NAME}' is not running"`
			`exit 1`
			`fi`

Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`# Run renewal script inside container`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00			`if docker exec "$CONTAINER_NAME" /haproxy/scripts/renew-certificates.sh; then`
Simplify certificate renewal scripts and add certbot cleanup Simplified all certificate renewal scripts to be more straightforward and reliable: - Scripts now just run certbot renew and copy cert+key files to HAProxy format - Removed overly complex retry logic and error handling - Both in-container and host-side scripts work with cron scheduling Added automatic certbot cleanup when domains are removed: - When a domain is deleted via API, certbot certificate is also removed - Prevents renewal errors for domains that no longer exist in HAProxy - Cleans up both HAProxy combined cert and Let's Encrypt certificate Script changes: - renew-certificates.sh: Simplified to 87 lines (from 215) - sync-certificates.sh: Simplified to 79 lines (from 200+) - host-renew-certificates.sh: Simplified to 36 lines (from 40) - All scripts use same pattern: query DB, copy certs, reload HAProxy Python changes: - remove_domain() now calls 'certbot delete' to remove certificates - Prevents orphaned certificates from causing renewal failures 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-20 09:56:56 -08:00			`log_info "Certificate renewal completed"`
Fix certificate renewal cron job and add host-side scheduling - Fixed crontab permissions (600) and ownership for proper cron execution - Added PATH environment variable to crontab to prevent command not found issues - Created dedicated renewal script with comprehensive logging and error handling - Added retry logic (3 attempts) for HAProxy reload with socket health checks - Implemented host-side renewal script for external cron scheduling via docker exec - Added crontab configuration examples for various renewal schedules - Updated README with detailed certificate renewal documentation This resolves issues where the cron job would not run or hang during execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-28 17:36:48 -07:00			`exit 0`
			`else`
			`log_error "Certificate renewal failed"`
			`exit 1`
			`fi`