Raspberry Pi Farm upgrade

Today i have upgraded my Raspberry Pi farm:
– Upgrade OS (bullseye) to latest version
– Created wildcard *.plaatsoft.nl HTTP certificate
– Added HaProxy software load balancer (disable Apache reverse proxy)
– Now load balancer is taking care of the HTTPS offloading
– Now load balancer route HTTP traffic to correct apache node
– Upgrade WordPress to v6.0.2 and wordpress plugins

Letsencrypt wildcard certificate

To enable a Letsencrypt wildcard certificate do the following steps

Create NEW wildcard certificate

for example *.plaatsoft.nl

2a. Run following certbot command to create a wildcard certificate
sudo certbot certonly -d *. –manual

3a. Certbot will ask you to add an extra DNS entry (TXT) with a unique token
Add this record in your DNS

4a. Check with dig tool if DNS record is available (This can take some time)
sudo dig _acme-challenge.[DOMAIN_NAME].[DOMAIN_EXTENSION]

5a. Press “yes”. Then wildcard certifate is created

6a. Add new certificate to Apache or HaProxy.

7a. Case closed

UPGRADE existing wildcard certifcate

1b. Remove DNS TXT record (Updating it does not work, is my experience)

2b. Check with dig tool if DNS record is really removed (This can take some time)
sudo dig _acme-challenge.[DOMAIN_NAME].[DOMAIN_EXTENSION]

3b. Go to Step 2a