Acts as ACME challenge proxy. Deploy Let's Encrypt certificates in networks with split DNS.
haproxy-acme-validation-proxy-plugin @ a56691a

HAProxy ACME proxy

Forwards ACME challenge requests to local clients. Clients on the intranet with valid local DNS entries can request certificates using standard tools.


Make sure your Docker host uses the intranet DNS server for name resolution.

By default, all domains are allowed. You should limit this to the domain suffixes used on the intranet so that requests for other names are not forwarded. The environment variable ACME_DOMAINS holds a regex that incoming requests are filtered against.

Regex                                  Matches
.*                                     any string/domain (default)
^intra\.example\.com$                  exactly
(\.i\.example\.com)$|(\.iana\.org)$    any subdomain under or any subdomain under

Keep in mind that a regex like iana\.org$ also matches a domain like, so better use something like (\.|^)$ in that case
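
The over-matching described above can be checked before a value is deployed. The following is an added example, not code from this project: it audits candidate ACME_DOMAINS values against constructed host names, assuming the filter behaves like an unanchored regex search on the requested host name. Python's re module stands in for the proxy's regex engine, which may differ in details.

```python
import re

# Constructed host names for illustration; none come from the original page.
SHOULD_ALLOW = ["host1.i.example.com", "www.iana.org"]
SHOULD_DENY = [
    "notiana.org",                    # shares the text suffix, different domain
    "host1.i.example.com.evil.test",  # allowed name used as a prefix only
    "xi-example.com",                 # matches only if '.' is left unescaped
    "example.net",                    # unrelated domain
]

def audit(pattern, allow=SHOULD_ALLOW, deny=SHOULD_DENY):
    """Return (missed, leaked): intranet names the regex rejects and
    foreign names it accepts. Assumption: the filter is an unanchored
    search on the host name, so anchoring is up to the pattern."""
    rx = re.compile(pattern)
    missed = [n for n in allow if rx.search(n) is None]
    leaked = [n for n in deny if rx.search(n) is not None]
    return missed, leaked

# Candidate ACME_DOMAINS values. Only the last one appears on the page;
# the others are constructed variants showing common mistakes.
CANDIDATES = {
    "default": r".*",
    "suffix only": r"(i\.example\.com)$|(iana\.org)$",
    "unescaped dots": r"(.i.example.com)$|(.iana.org)$",
    "page example": r"(\.i\.example\.com)$|(\.iana\.org)$",
}

def report():
    """Audit every candidate and return {name: (missed, leaked)}."""
    return {name: audit(rx) for name, rx in CANDIDATES.items()}

if __name__ == "__main__":
    for name, (missed, leaked) in report().items():
        print(f"{name:15} missed={missed} leaked={leaked}")
```

A candidate is safe to deploy only when both lists are empty for host names representative of your intranet and of what an outside requester could send.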


Change 8888 to the port you want your firewall/gateway to forward requests to:

docker run -p 8888:80 -e ACME_DOMAINS="(\.i\.example\.com)$" -d joellinn/haproxy-acme-proxy