
puppet-letsencrypt's Introduction

Let's Encrypt


This module installs the Let's Encrypt client from source and allows you to request certificates.

Support

This module is currently written to work only on Debian- and RedHat-based operating systems, although it may work on others. The supported Puppet versions are defined in metadata.json.

Dependencies

On EL (Red Hat, CentOS etc.) systems, the EPEL repository needs to be enabled for the Let's Encrypt client package.

The module can integrate with stahnma/epel to set up the repo by setting the configure_epel parameter to true (the default for RedHat) and installing the module.

On Debian Jessie the module assumes the package certbot is available. This package can be found in jessie-backports. When using puppetlabs/apt the following code can be used:

include ::apt
include ::apt::backports
apt::pin { 'jessie-backports-letsencrypt':
  release  => 'jessie-backports',
  packages => prefix(['acme', 'cryptography', 'openssl', 'psutil', 'setuptools', 'pyasn1', 'pkg-resources'], 'python-'),
  priority => 700,
}

Usage

To install the Let's Encrypt client with the default configuration settings you must provide your email address to register with the Let's Encrypt servers:

class { ::letsencrypt:
  email => '[email protected]',
}

If using EL7 without EPEL preconfigured, add configure_epel:

class { ::letsencrypt:
  configure_epel => true,
  email          => '[email protected]',
}

(If you manage EPEL some other way, disable it with configure_epel => false.)

This will install the Let's Encrypt client and its dependencies, agree to the Terms of Service, initialize the client, and install a configuration file for the client.

Alternatively, you can specify your email address in the $config hash:

class { ::letsencrypt:
  config => {
    email  => '[email protected]',
    server => 'https://acme-v01.api.letsencrypt.org/directory',
  }
}

During testing, you probably want to point the client at the staging server instead, with server => 'https://acme-staging.api.letsencrypt.org/directory'.

If you don't wish to provide your email address, you can set the unsafe_registration parameter to true (this is not recommended):

class { ::letsencrypt:
  unsafe_registration => true,
}

To request a certificate for foo.example.com using the certonly installer and the standalone authenticator:

letsencrypt::certonly { 'foo.example.com': }

To request a certificate for foo.example.com and bar.example.com with the certonly installer and the apache authenticator:

letsencrypt::certonly { 'foo':
  domains => ['foo.example.com', 'bar.example.com'],
  plugin  => 'apache',
}

To request a certificate using the webroot plugin, the paths to the webroots for all domains must be given through webroot_paths. If domains and webroot_paths are not the same length, the last webroot_paths element will be used for all subsequent domains.

letsencrypt::certonly { 'foo':
  domains       => ['foo.example.com', 'bar.example.com'],
  plugin        => 'webroot',
  webroot_paths => ['/var/www/foo', '/var/www/bar'],
}
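
The pairing rule above, worked through in Ruby as an added example (not the module's own code), so you can check which directory will receive each domain's challenge files. The helper names `pair_webroots` and `webroot_args` are hypothetical, rejecting surplus or relative paths is this example's assumption, and `--webroot-path` / `-d` are certbot's own webroot options.

```ruby
# Added example (not the module's code). Helper names are hypothetical.

# Pair every domain with the webroot that will receive its ACME challenge
# files: position i uses webroot_paths[i]; once the paths run out, the last
# path is reused for all remaining domains.
def pair_webroots(domains, webroot_paths)
  raise ArgumentError, 'domains must not be empty' if domains.empty?
  raise ArgumentError, 'webroot_paths must not be empty' if webroot_paths.empty?
  # Assumption of this example: surplus paths are a configuration mistake.
  if webroot_paths.length > domains.length
    raise ArgumentError, 'more webroot_paths than domains'
  end
  relative = webroot_paths.reject { |p| p.start_with?('/') }
  raise ArgumentError, "relative webroot: #{relative.join(', ')}" unless relative.empty?

  domains.each_with_index.map { |domain, i| [domain, webroot_paths[i] || webroot_paths.last] }
end

# Render the pairs as certbot webroot arguments: each --webroot-path applies
# to the -d options that follow it, so consecutive domains sharing a path
# are grouped under a single flag.
def webroot_args(domains, webroot_paths)
  pair_webroots(domains, webroot_paths)
    .chunk_while { |a, b| a[1] == b[1] }
    .flat_map { |group| ['--webroot-path', group.first[1]] + group.flat_map { |d, _| ['-d', d] } }
end

# Constructed sample input: three domains, two webroots.
SAMPLE_DOMAINS = ['foo.example.com', 'bar.example.com', 'baz.example.com'].freeze
SAMPLE_WEBROOTS = ['/var/www/foo', '/var/www/bar'].freeze

if __FILE__ == $PROGRAM_NAME
  pair_webroots(SAMPLE_DOMAINS, SAMPLE_WEBROOTS).each { |d, w| puts "#{d} -> #{w}" }
  puts webroot_args(SAMPLE_DOMAINS, SAMPLE_WEBROOTS).join(' ')
end
```

With the sample input, baz.example.com resolves to /var/www/bar, so its challenge files are written into bar's document root.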

If you need to pass a command line flag to the letsencrypt-auto command that is not supported natively by this module, you can use the additional_args parameter to pass those arguments:

letsencrypt::certonly { 'foo':
  domains         => ['foo.example.com', 'bar.example.com'],
  plugin          => 'apache',
  additional_args => ['--foo bar', '--baz quuz'],
}

The following parameters control the renewal cron job:

  • ensure_cron can be used to automatically renew the certificate
  • cron_success_command can be used to run a shell command on a successful renewal
  • cron_before_command can be used to run a shell command before a renewal
  • cron_monthday can be used to specify one or multiple days of the month to run the cron job (defaults to every day)
  • cron_hour can be used to specify hour(s) to run the cron job (defaults to a seeded random hour)
  • cron_minute can be used to specify minute(s) to run the cron job (defaults to a seeded random minute)
  • suppress_cron_output can be used to disable output (and resulting emails) generated by the cron command

letsencrypt::certonly { 'foo':
  domains              => ['foo.example.com', 'bar.example.com'],
  ensure_cron          => 'present',
  cron_hour            => [0,12],
  cron_minute          => '30',
  cron_before_command  => 'service nginx stop',
  cron_success_command => '/bin/systemctl reload nginx.service',
  suppress_cron_output => true,
}

Development

  1. Fork it
  2. Create a feature branch
  3. Write a failing test
  4. Write the code to make that test pass
  5. Refactor the code
  6. Submit a pull request

We politely request (demand) tests for all new features. Pull requests that contain new features without a test will not be considered. If you need help, just ask!
