letsencrypt

Deploy letsencrypt certificates using letsencrypt.sh

released Feb 5th 2016
This module has been deprecated by its author since May 15th 2020.

The author has suggested bzed-dehydrated as its replacement.

bzed/letsencrypt — version 0.1.2 Feb 5th 2016

letsencrypt

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with letsencrypt
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

bzed-letsencrypt is a flexible wrapper for certificate creation and signing built around letsencrypt.sh, with the advantage that your private keys are never shipped by Puppet.

Module Description

bzed-letsencrypt creates private keys and CSRs on the node and transfers the CSR to a puppetmaster, where it is signed using the well-known letsencrypt.sh (https://github.com/lukas2511/letsencrypt.sh).

Signed certificates are shipped back to the appropriate host.

You need to provide an appropriate hook script for letsencrypt.sh. The default is to use the dns-01 challenge, but if your hook supports it you could also create the necessary files for http-01.
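A minimal dns-01 hook of the kind described above, as an added example that is not part of this module or of letsencrypt.sh. It assumes a DNS server that accepts `nsupdate` dynamic updates and the letsencrypt.sh calling convention of operation, domain, token file, token value; the key path and server name are placeholders.

```shell
#!/bin/sh
# Added example: dns-01 hook for letsencrypt.sh, not shipped with bzed-letsencrypt.
# Assumed: BIND-style dynamic DNS via nsupdate; key path and server are placeholders.
export LC_ALL=C                      # keep [a-z] ranges byte-exact
NSUPDATE_KEY="${NSUPDATE_KEY:-/etc/letsencrypt.sh/nsupdate.key}"   # hypothetical path
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"                        # hypothetical server
TTL=60

# Names originate from CSRs submitted by nodes, so accept only plain lowercase hostnames.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# dns-01 TXT values are base64url; anything else is rejected.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the nsupdate script for one record. $1 = add|delete, $2 = domain, $3 = TXT value
nsupdate_commands() {
    valid_domain "$2" && valid_token "$3" || return 1
    printf 'server %s\nupdate %s _acme-challenge.%s. %s IN TXT "%s"\nsend\n' \
        "$DNS_SERVER" "$1" "$2" "$TTL" "$3"
}

# Build the commands first so a rejected input never reaches nsupdate.
apply_update() {
    cmds=$(nsupdate_commands "$@") || {
        echo "hook: refusing invalid domain or token" >&2
        return 1
    }
    printf '%s\n' "$cmds" | nsupdate -k "$NSUPDATE_KEY"
}

# letsencrypt.sh invokes: <hook> <operation> <domain> <token file> <token value>
hook_main() {
    case "${1:-}" in
        deploy_challenge) apply_update add    "$2" "$4" ;;
        clean_challenge)  apply_update delete "$2" "$4" ;;
        *) : ;;   # deploy_cert and other operations: nothing to do in this example
    esac
}

hook_main "$@"
```

Restricting the TSIG key's update policy on the DNS server to `_acme-challenge` TXT records limits what the hook can change in the zone if the key is exposed.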

Setup

What letsencrypt affects

  • letsencrypt.sh runs on the puppetmaster host, as it is easier to read and work with certificate files stored directly on the puppet master. Retrieving them using facter is unnecessarily complicated.

Setup Requirements

You need to ensure that exported resources are working and pluginsync is enabled.

Beginning with letsencrypt

In the best case: add the letsencrypt class and override $domains with a list of domains you want to get certificates for.

Usage

On a puppet node where you need your certificates:

    class { 'letsencrypt' :
        domains     => [ 'foo.example.com', 'fuzz.example.com' ],
    }

Key and CSR will be generated on your node and the CSR is shipped to your puppetmaster for signing.

On your puppetmaster:

    class { 'letsencrypt' :
        hook_source => 'puppet:///modules/mymodule/letsencrypt_sh_hook'
    }

CSRs are collected and signed, and the resulting certificates and CA chain files are shipped back to your node.

Reference

Classes:

  • letsencrypt
  • letsencrypt::params
  • letsencrypt::request::handler

Defines:

  • letsencrypt::csr
  • letsencrypt::deploy
  • letsencrypt::deploy::crt
  • letsencrypt::request
  • letsencrypt::request::crt

Facts:

  • letsencrypt_csrs
  • letsencrypt_csr_*
  • letsencrypt_crts

Limitations

Not really well tested yet, no spec tests....

Development

Patches are very welcome!