This version is compatible with:
- Puppet Enterprise 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 8.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
Learn more about managing modules with a Puppetfilemod 'albatrossflavour-pe_console_letsencrypt', '0.1.0'
Table of Contents
- Setup - The basics of getting started with pe_console_letsencrypt
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Managing the Puppet console's SSL certificates can be automated, but it's not straightforward if you want them to be managed by Let's Encrypt.
This module will allow you request, install, and manage valid SSL certs for your console, via Let's Encrypt.
It does require that port 80 on your puppet server is accessible from the internet, and that your puppet servers has a publicly resolvable DNS name.
What pe_console_letsencrypt affects
The module will replace the autogenerated, self-signed, SSL certificates used by default. These certs are usually found in
It uses the letsencrypt module from Vox Pupuli to do the hard lifting.
You MUST disable the default
http_redirect vhost which is created as part of a PE install. This can be done by setting the following value in the puppet server's hiera:
The value can also be set in the Puppet console by adding it as "Configuration data" against the
PE Console node group.
The module will check that it is disabled and will cause a catalog compilation failure if it isn't.
You should also ensure you're not specifying any certificates in
hiera. Check the key
puppet_enterprise::profile::console for any values matching
Beginning with pe_console_letsencrypt
At the very basic level, you can simply:
- Add the module and dependencies to your
- Add the following hiera to
- Classify your puppet server with :
Only works with Puppet Enterprise
Fork, develop, submit a pull request
Please make sure all pull requests include testing and that the tests pass
Table of Contents
pe_console_letsencrypt: Manage SSL certs for NGINX on PE using letsencrypt
Manage SSL certs for NGINX on PE using letsencrypt
The following parameters are available in the
Stdlib::Absolutepath The directory containing the nginx config for the console
Stdlib::Absolutepath The directory containing the letsencrypt config
Stdlib::Absolutepath The directory we should use as the docroot
Stdlib::Filemode Octal value for the file permissions
Stdlib::Email Email address to use when requesting the certificates
Stdlib::Port Port to use for the nginx server
String User running the puppet console services
String Group running the puppet console services
Boolean Should we manage the letsencrypt install?
Stdlib::Absolutepath Where are the PE console certs?
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- 4 check for existing browser certs and keys in hiera #5 (albatrossflavour)
* This Changelog was automatically generated by github_changelog_generator
- puppetlabs-stdlib (>= 4.13.1 < 9.0.0)
- puppet-letsencrypt (>= 9.0.0 < 10.0.0)