PRODUCTION LB1 enter
certbot -d domainname.co.uk -d www.domainname.co.uk --manual --preferred-challenges dns certonly
Get verification and add as TXT DNS entry.
Repeat for the non-www domain version.
/usr/local/bin/renew.sh
On PRODUCTION LB2 enter
certbot certonly --standalone --http-01-port 54321 -d www.ollybobbins.co.uk -d ollybobbins.co.uk
Note the /usr/local/bin/renew.sh is just a hook script we added to help update haproxy. I ran it directly (which you can do at any time) and it created the correct bits in /etc/haproxy/certs.
In case you had not already, you would also need to update haproxy to make sure it will handle the additional domains. I've done that for you now.
This is in /etc/haproxy/haproxy.cfg - add pem entry.
There was also a syntax error in the haproxy config: each cert needs 'crt $filename' rather than just $filename. I fixed that for now and verified the base domain name works ok, but that redirects to www...
EDIT: After verification, add their domain in the following format to /etc/haproxy/crt-list.txt
/etc/haproxy/certs/domainname.co.uk.pem domainname.co.uk www.domainname.co.uk
Then run "/usr/local/bin/renew.sh"
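A pre-flight lint for the crt-list entry before the hook is run, as an added example (not part of these notes and not the contents of renew.sh). It assumes the simple line format shown above, with no crt-list options or negative filters, and assumes each PEM combines the certificate chain and the private key in one file; the function name check_crt_list is hypothetical.

```shell
#!/bin/sh
# Added example: lint an HAProxy crt-list before running the renew hook.
# Assumed line format (as in the entry above): <pem path> <domain> [<domain> ...]
# Assumed PEM layout: certificate chain and private key combined in one file.

check_crt_list() {
    list=$1; rc=0; n=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Split the line on whitespace without expanding globs.
        set -f; set -- $line; set +f
        # Skip blank lines and comments.
        case "${1:-}" in ''|'#'*) continue ;; esac
        pem=$1
        if [ "$#" -lt 2 ]; then
            echo "line $n: no domains listed after $pem" >&2; rc=1
        fi
        if [ ! -f "$pem" ]; then
            echo "line $n: $pem does not exist" >&2; rc=1; continue
        fi
        grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
            { echo "line $n: $pem has no certificate" >&2; rc=1; }
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
            { echo "line $n: $pem has no private key" >&2; rc=1; }
        # The PEM holds the private key, so it must not be world-readable.
        if [ -n "$(find "$pem" -perm -004)" ]; then
            echo "line $n: $pem is world-readable" >&2; rc=1
        fi
    done <"$list"
    return "$rc"
}

# When a path is given on the command line, lint it.
if [ "$#" -gt 0 ]; then
    check_crt_list "$1"
fi
```

Call it as `check_crt_list /etc/haproxy/crt-list.txt`; a non-zero return means at least one entry needs fixing before the hook is run. `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the config syntax itself, which is where a missing `crt` keyword would show up.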
The following is for Elizabeths only: if the origin SSL certificate expires, a new one needs to be generated and installed through Cloudflare and then applied to both load balancers.