Page Menu
Home
Software Heritage
Search
Configure Global Search
Log In
Files
F9696911
README.md
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
5 KB
Subscribers
None
README.md
View Options
#
Let
'
s
Encrypt
[](https://travis-ci.org/voxpupuli/puppet-letsencrypt)
[](https://forge.puppetlabs.com/puppet/letsencrypt)
[](https://forge.puppetlabs.com/puppet/letsencrypt)
[](https://forge.puppetlabs.com/puppet/letsencrypt)
[](https://forge.puppetlabs.com/puppet/letsencrypt)
[](http://voxpupuli.github.io/puppet-letsencrypt)
This
module
installs
the
Let
'
s
Encrypt
client
from
source
and
allows
you
to
request
certificates
.
##
Support
This
module
requires
Puppet
>=
4.7
.
0
.
and
is
currently
only
written
to
work
on
Debian
and
RedHat
based
operating
systems
,
although
it
may
work
on
others
.
##
Dependencies
On
EL
(
Red
Hat
,
CentOS
etc
.)
systems
,
the
EPEL
repository
needs
to
be
enabled
for
the
Let
'
s
Encrypt
client
package
.
The
module
can
integrate
with
[
stahnma
/
epel
](
https
:
//forge.puppetlabs.com/stahnma/epel)
to
set
up
the
repo
by
setting
the
`
configure_epel
`
parameter
to
`
true
`
(
the
default
for
RedHat
)
and
installing
the
module
.
On
Debian
Jessie
the
module
assumes
the
package
certbot
is
available
.
This
package
can
be
found
in
jessie
-
backports
.
When
using
[
puppetlabs
/
apt
](
https
:
//forge.puppet.com/puppetlabs/apt) the following code
can
be
used
:
```
puppet
include
::
apt
include
::
apt
::
backports
apt
::
pin
{
'
jessie
-
backports
-
letsencrypt
'
:
release
=>
'
jessie
-
backports
'
,
packages
=>
prefix
([
'
acme
'
,
'
cryptography
'
,
'
openssl
'
,
'
psutil
'
,
'
setuptools
'
,
'
pyasn1
'
,
'
pkg
-
resources
'
],
'
python
-
'
),
priority
=>
700
,
}
```
##
Usage
To
install
the
Let
'
s
Encrypt
client
with
the
default
configuration
settings
you
must
provide
your
email
address
to
register
with
the
Let
'
s
Encrypt
servers
:
```
puppet
class
{
::
letsencrypt
:
email
=>
'
foo
@
example
.
com
'
,
}
```
If
using
EL7
without
EPEL
-
preconfigured
,
add
`
configure_epel
`
:
```
puppet
class
{
::
letsencrypt
:
configure_epel
=>
true
,
email
=>
'
foo
@
example
.
com
'
,
}
```
(
If
you
manage
epel
some
other
way
,
disable
it
with
`
configure_epel
=>
false
`
.)
This
will
install
the
Let
'
s
Encrypt
client
and
its
dependencies
,
agree
to
the
Terms
of
Service
,
initialize
the
client
,
and
install
a
configuration
file
for
the
client
.
Alternatively
,
you
can
specify
your
email
address
in
the
$
config
hash
:
```
puppet
class
{
::
letsencrypt
:
config
=>
{
email
=>
'
foo
@
example
.
com
'
,
server
=>
'
https
:
//acme-v01.api.letsencrypt.org/directory',
}
}
```
During
testing
,
you
probably
want
to
direct
to
the
staging
server
instead
with
`
server
=>
'
https
:
//acme-staging.api.letsencrypt.org/directory'`
If
you
don
'
t
wish
to
provide
your
email
address
,
you
can
set
the
`
unsafe_registration
`
parameter
to
`
true
`
(
this
is
not
recommended
):
```
puppet
class
{
::
letsencrypt
:
unsafe_registration
=>
true
,
}
```
To
request
a
certificate
for
`
foo
.
example
.
com
`
using
the
`
certonly
`
installer
and
the
`
standalone
`
authenticator
:
```
puppet
letsencrypt
::
certonly
{
'
foo
.
example
.
com
'
:
}
```
To
request
a
certificate
for
`
foo
.
example
.
com
`
and
`
bar
.
example
.
com
`
with
the
`
certonly
`
installer
and
the
`
apache
`
authenticator
:
```
puppet
letsencrypt
::
certonly
{
'
foo
'
:
domains
=>
[
'
foo
.
example
.
com
'
,
'
bar
.
example
.
com
'
],
plugin
=>
'
apache
'
,
}
```
To
request
a
certificate
using
the
`
webroot
`
plugin
,
the
paths
to
the
webroots
for
all
domains
must
be
given
through
`
webroot_paths
`
.
If
`
domains
`
and
`
webroot_paths
`
are
not
the
same
length
,
the
last
`
webroot_paths
`
element
will
be
used
for
all
subsequent
domains
.
```
puppet
letsencrypt
::
certonly
{
'
foo
'
:
domains
=>
[
'
foo
.
example
.
com
'
,
'
bar
.
example
.
com
'
],
plugin
=>
'
webroot
'
,
webroot_paths
=>
[
'
/
var
/
www
/
foo
'
,
'
/
var
/
www
/
bar
'
],
}
```
If
you
need
to
pass
a
command
line
flag
to
the
`
letsencrypt
-
auto
`
command
that
is
not
supported
natively
by
this
module
,
you
can
use
the
`
additional_args
`
parameter
to
pass
those
arguments
:
```
puppet
letsencrypt
::
certonly
{
'
foo
'
:
domains
=>
[
'
foo
.
example
.
com
'
,
'
bar
.
example
.
com
'
],
plugin
=>
'
apache
'
,
additional_args
=>
[
'
--
foo
bar
'
,
'
--
baz
quuz
'
],
}
```
To
automatically
renew
a
certificate
,
you
can
pass
the
`
manage_cron
`
parameter
.
You
can
optionally
add
a
shell
command
to
be
run
on
success
using
the
`
cron_success_command
`
parameter
.
You
can
optionally
add
a
shell
command
to
be
run
on
before
using
the
`
cron_before_command
`
parameter
.
You
can
disable
output
(
and
resulting
emails
)
generated
by
the
cron
command
using
the
`
suppress_cron_output
`
parameter
.
```
puppet
letsencrypt
::
certonly
{
'
foo
'
:
domains
=>
[
'
foo
.
example
.
com
'
,
'
bar
.
example
.
com
'
],
manage_cron
=>
true
,
cron_before_command
=>
'
service
nginx
stop
'
,
cron_success_command
=>
'
/
bin
/
systemctl
reload
nginx
.
service
'
,
suppress_cron_output
=>
true
,
}
```
##
Development
1
.
Fork
it
2
.
Create
a
feature
branch
3
.
Write
a
failing
test
4
.
Write
the
code
to
make
that
test
pass
5
.
Refactor
the
code
6
.
Submit
a
pull
request
We
politely
request
(
demand
)
tests
for
all
new
features
.
Pull
requests
that
contain
new
features
without
a
test
will
not
be
considered
.
If
you
need
help
,
just
ask
!
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Aug 18, 10:04 PM (23 h, 2 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3364041
Attached To
R192 puppet-puppet-letsencrypt
Event Timeline
Log In to Comment