This module has been deprecated by its author since May 15th 2020.
The author has suggested bzed-dehydrated as its replacement.
letsencrypt
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with letsencrypt
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
bzed-letsencrypt is a flexible wrapper for certificate creation and signing around letsencrypt.sh, with the advantage that your private keys are never shipped by puppet.
Module Description
bzed-letsencrypt creates private keys and CSRs and transfers the CSR to a puppetmaster, where it is signed using the well-known letsencrypt.sh (https://github.com/lukas2511/letsencrypt.sh).
Signed certificates are shipped back to the appropriate host.
You need to provide an appropriate hook script for letsencrypt.sh. The default is to use the dns-01 challenge, but if your hook supports it you could also create the necessary files for http-01.
Setup
What letsencrypt affects
- letsencrypt.sh is running at the puppetmaster host as it is easier to read and work with certificate files stored directly on the puppet master. Retrieving them using facter is unnecessarily complicated.
Setup Requirements
You need to ensure that exported resources are working and pluginsync is enabled.
Beginning with letsencrypt
In the best case: add the letsencrypt class and override $domains with a list of domains you want to get certificates for.
Usage
    class { 'letsencrypt' :
      domains     => [ 'foo.example.com', 'fuzz.example.com' ],
      hook_source => 'puppet:///modules/mymodule/letsencrypt_sh_hook'
    }
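For the dns-01 default, the file that hook_source points to could look like the following. This is an added example, not code from the module or its author; it assumes a DNS server that accepts RFC 2136 dynamic updates, and DNS_SERVER, TSIG_KEYFILE, TTL and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the module): dns-01 hook for letsencrypt.sh using
# nsupdate. DNS_SERVER, TSIG_KEYFILE and TTL are assumed placeholder values.
LC_ALL=C; export LC_ALL
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt.sh/tsig.key}"
TTL="${TTL:-60}"

# Accept only plain hostnames, so nothing else can reach the nsupdate batch.
valid_domain() {
  case "$1" in
    ''|.*|*.|-*|*-|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# dns-01 token values are base64url text; refuse anything else.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

# Print the nsupdate batch: challenge_batch add|delete DOMAIN TOKEN_VALUE
challenge_batch() {
  valid_domain "$2" && valid_token "$3" || return 1
  case "$1" in
    add)    update="update add _acme-challenge.$2. $TTL TXT \"$3\"" ;;
    delete) update="update delete _acme-challenge.$2. TXT \"$3\"" ;;
    *)      return 1 ;;
  esac
  printf 'server %s\n%s\nsend\n' "$DNS_SERVER" "$update"
}

# Build the batch first, so invalid input never starts nsupdate.
apply_challenge() {
  batch="$(challenge_batch "$@")" || { echo "invalid challenge input" >&2; return 1; }
  printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE"
}

# letsencrypt.sh runs the hook as: HOOK HANDLER DOMAIN TOKEN_FILENAME TOKEN_VALUE
hook_main() {
  case "${1:-}" in
    deploy_challenge) apply_challenge add "$2" "$4" ;;
    clean_challenge)  apply_challenge delete "$2" "$4" ;;
    *)                return 0 ;;  # other handlers are not needed here
  esac
}

hook_main "$@"
```

The TSIG key only needs permission to update TXT records under the _acme-challenge names, so scope it to those on the DNS server. nsupdate returns once the primary accepts the update; where secondaries lag, the hook may need to wait before validation is requested.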
Reference
Classes:
- letsencrypt
- letsencrypt::params
- letsencrypt::request::handler
Defines:
- letsencrypt::csr
- letsencrypt::deploy
- letsencrypt::deploy::crt
- letsencrypt::request
Facts:
- letsencrypt_csrs
- letsencrypt_csr_*
Parser Functions:
- check_certificate
Limitations
Not really well tested yet, no spec tests....
Development
Patches are very welcome!
Dependencies
- puppetlabs-stdlib (>= 1.0.0)
- camptocamp-openssl (>= 1.5.1)