These instructions generate a certificate using Let's Encrypt.

Requirements

The DNS name (this is entered in the certificate) must be resolved via DNS and must be routed to the IP address of the load balancer.

This procedure cannot be used until that is the case.

Note: the automatic renewal of the certificate is not (yet) described by these instructions.

Execution

Installing Certbot

First certbot is installed.

yum install certbot


Clear Port 80

Then everything running on port 80 must be stopped. On the load balancer this is usually HAProxy itself.

service haproxy stop

Run Certbot

Then certbot is executed. It starts a temporary web server on port 80 and answers the HTTP-01 challenge request that Let's Encrypt sends to that port.

Here it is important to adjust the first line: the value must correspond EXACTLY to the DNS names.

FQDN_SERVERNAME=myserver.mydomain.com
certbot certonly --standalone --preferred-challenges http --http-01-port 80 -d ${FQDN_SERVERNAME}

Generate PEM

Next, the .pem file (containing the full certificate chain and private key) is generated.

cat /etc/letsencrypt/live/${FQDN_SERVERNAME}/fullchain.pem /etc/letsencrypt/live/${FQDN_SERVERNAME}/privkey.pem > /etc/haproxy/haproxy.pem

Clean up

And at the end you can optionally clean up.

unset FQDN_SERVERNAME

Continue

Then continue as described under Role LB - Certificates for load balancers; the certificate is now available in the file /etc/haproxy/haproxy.pem.
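The procedure above as one script, added here as an example and not part of the original instructions. It adds the checks a load-balancer admin would want around the steps: that the DNS name really resolves to this host before stopping HAProxy, that port 80 is free, that the combined PEM is readable by its owner only (it contains the private key), and that certificate and key in it belong together. It assumes a Linux host with getent, ss and openssl and the certbot paths used above.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Wraps the Let's Encrypt steps for the
# HAProxy load balancer with pre- and post-checks. Linux only (getent, ss, hostname -I).
set -eu
FQDN_SERVERNAME="${FQDN_SERVERNAME:-myserver.mydomain.com}"   # must match the DNS name EXACTLY
HAPROXY_PEM="${HAPROXY_PEM:-/etc/haproxy/haproxy.pem}"
LIVE_DIR="/etc/letsencrypt/live/$FQDN_SERVERNAME"

# 0 when at least one address in $1 also appears in $2 (both whitespace-separated lists).
any_ip_local() {
    local ip
    for ip in $1; do
        case " $2 " in *" $ip "*) return 0 ;; esac
    done
    return 1
}
# Requirement from the page: the DNS name must resolve to this load balancer's IP,
# otherwise the HTTP-01 request from Let's Encrypt never reaches certbot.
dns_points_here() {
    local fqdn="$1" resolved
    resolved=$(getent ahostsv4 "$fqdn" 2>/dev/null | awk '{print $1}' | sort -u | tr '\n' ' ')
    [ -n "$resolved" ] || { echo "DNS: $fqdn does not resolve" >&2; return 1; }
    any_ip_local "$resolved" "$(hostname -I)" ||
        { echo "DNS: $fqdn -> $resolved is not an address of this host" >&2; return 1; }
}
# Port 80 must be free for certbot's temporary standalone challenge server.
port80_free() { ! ss -Hltn 'sport = :80' | grep -q .; }
# Full chain + private key in one file, owner-readable only because it holds the key.
build_haproxy_pem() {
    local fullchain="$1" privkey="$2" out="$3"
    ( umask 077; cat "$fullchain" "$privkey" > "$out" )
    chmod 600 "$out"
}
# Refuse to hand HAProxy a PEM whose certificate and private key do not belong together:
# the public key inside the certificate must equal the public key derived from the key.
pem_pair_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}
main() {
    dns_points_here "$FQDN_SERVERNAME"
    service haproxy stop
    port80_free || { echo "port 80 is still in use" >&2; exit 1; }
    certbot certonly --standalone --preferred-challenges http --http-01-port 80 -d "$FQDN_SERVERNAME"
    build_haproxy_pem "$LIVE_DIR/fullchain.pem" "$LIVE_DIR/privkey.pem" "$HAPROXY_PEM"
    pem_pair_matches "$HAPROXY_PEM"
    service haproxy start   # not in the original instructions: the load balancer was stopped above
}
if [ "${1:-}" = "run" ]; then main; fi   # invoke as: ./le-haproxy.sh run
```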
