Version information
released Dec 20th 2016
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.4.0
- , , ,
Start using this module
Add this module to your Puppetfile:
mod 'danzilio-letsencrypt', '999.999.999'Learn more about managing modules with a PuppetfileDocumentation
danzilio/letsencrypt — version 999.999.999 Dec 20th 2016
THIS MODULE HAS BEEN MOVED TO VOXPUPULI
This module has been donated to Vox Pupuli and can be found at https://github.com/voxpupuli/puppet-letsencrypt.
This module installs the Let's Encrypt client from source and allows you to request certificates.
Support
This module requires Puppet >= 3.4. and is currently only written to work on Debian and RedHat based operating systems, although it may work on others.
Dependencies
On EL (Red Hat, CentOS etc.) systems, the EPEL repository needs to be enabled for the Let's Encrypt client package.
The module can integrate with stahnma/epel
to set up the repo by setting the configure_epel parameter to true (the default for RedHat) and
installing the module.
Usage
To install the Let's Encrypt client with the default configuration settings you must provide your email address to register with the Let's Encrypt servers:
class { ::letsencrypt:
email => 'foo@example.com',
}
If using EL7 without EPEL-preconfigured, add configure_epel:
class { ::letsencrypt:
configure_epel => true,
email => 'foo@example.com',
}
(If you manage epel some other way, disable it with configure_epel => false.)
This will install the Let's Encrypt client and its dependencies, agree to the Terms of Service, initialize the client, and install a configuration file for the client.
Alternatively, you can specify your email address in the $config hash:
class { ::letsencrypt:
config => {
email => 'foo@example.com',
server => 'https://acme-v01.api.letsencrypt.org/directory',
}
}
During testing, you probably want to direct to the staging server instead with
server => 'https://acme-staging.api.letsencrypt.org/directory'
If you don't wish to provide your email address, you can set the
unsafe_registration parameter to true (this is not recommended):
class { ::letsencrypt:
unsafe_registration => true,
}
To request a certificate for foo.example.com using the certonly installer
and the standalone authenticator:
letsencrypt::certonly { 'foo.example.com': }
To request a certificate for foo.example.com and bar.example.com with the
certonly installer and the apache authenticator:
letsencrypt::certonly { 'foo':
domains => ['foo.example.com', 'bar.example.com'],
plugin => 'apache',
}
To request a certificate using the webroot plugin, the paths to the webroots
for all domains must be given through webroot_paths. If domains and
webroot_paths are not the same length, the last webroot_paths element will
be used for all subsequent domains.
letsencrypt::certonly { 'foo':
domains => ['foo.example.com', 'bar.example.com'],
plugin => 'webroot',
webroot_paths => ['/var/www/foo', '/var/www/bar'],
}
If you need to pass a command line flag to the letsencrypt-auto command that
is not supported natively by this module, you can use the additional_args
parameter to pass those arguments:
letsencrypt::certonly { 'foo':
domains => ['foo.example.com', 'bar.example.com'],
plugin => 'apache',
additional_args => ['--foo bar', '--baz quuz'],
}
To automatically renew a certificate, you can pass the manage_cron parameter.
You can optionally add a shell command to be run on success using the cron_success_command parameter.
letsencrypt::certonly { 'foo':
domains => ['foo.example.com', 'bar.example.com'],
manage_cron => true,
cron_success_command => '/bin/systemctl reload nginx.service',
}
Development
- Fork it
- Create a feature branch
- Write a failing test
- Write the code to make that test pass
- Refactor the code
- Submit a pull request
We politely request (demand) tests for all new features. Pull requests that contain new features without a test will not be considered. If you need help, just ask!
Change log
All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
Unreleased
- Ability to run commands after a successful cronjob-based renewal with the
cron_success_commandparameter.
1.0.0 - 2016-02-22
Added
- Backwards compatibility with Puppet >= 3.4
- Ability to select the
letsencryptinstall method using theinstall_methodparameter. Current supported options arepackageandvcs. - The
manage_installparameter now lets the user select whether they want to manage the installation ofletsencryptwith this module. - The
configure_epelparameter now lets the user manage the EPEL repository on EL systems. It is set totrueby default. Thestahnma/epelmodule is now a dependency.
Breaking
- Removed the
letsencrypt_pathparameter inletsencrypt::certonlyin favor ofletsencrypt_commandin order to support thepackagebased installation method. - The default installation method has changed for RedHat, Debian
>= 9, and Ubuntu>= 16.04fromvcstopackage.
0.4.0 - 2016-01-31
Added
- Ability to renew automatically via cron with
manage_cronparameter. - Ability to manage multiple webroots with
webroot_pathsparameter.
Change
- Added
--agree-tosto theletsencryptcommands. - Use
ensure_packagesinstead of apackageresource for the dependencies.
0.3.2 - 2015-12-14
Changed
- Using the
-aparameter to define the plugin instead of--<plugin_name>. - Dependencies are now defined with
ensure_packagesinstead of thepackageresource.
0.3.1 - 2015-12-08
Added
- Pushing an updated CHANGELOG (forgot to do this with 0.3.0)
0.3.0 - 2015-12-08
Added
- Added
email,agree_tos, andunsafe_registrationparameters. - Added support for RedHat (no real changes here: verified that the module works, updated
metadata.jsonand removed the artificial constraint). - Made the configuration more opinionated by requiring valid registration settings and requiring the user to agree to the Terms of Service.
Changed
- The
emailparameter or anemailkey in$configis now required. This may break existing functionality where users were not specifying an email address. - Broke the configuration out into a
configclass.
0.2.0 - 2015-12-03
Added
- Added
additional_argsparameter toletsencrypt::certonly
0.1.0 - 2015-12-03
Initial Release
Dependencies
- puppetlabs/stdlib (>=4.6.0 <5.0.0)
- puppetlabs/inifile (>=1.4.0 <2.0.0)
- puppetlabs/vcsrepo (>=1.3.0 <2.0.0)
- stahnma/epel (>=1.0.0 <2.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the
copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other
entities that control, are controlled by, or are under common control with
that entity. For the purposes of this definition, "control" means (i) the
power, direct or indirect, to cause the direction or management of such
entity, whether by contract or otherwise, or (ii) ownership of
fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising
permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation source,
and configuration files.
"Object" form shall mean any form resulting from mechanical transformation
or translation of a Source form, including but not limited to compiled
object code, generated documentation, and conversions to
other media types.
"Work" shall mean the work of authorship, whether in Source or Object
form, made available under the License, as indicated by a copyright notice
that is included in or attached to the work (an example is provided in the
Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form,
that is based on (or derived from) the Work and for which the editorial
revisions, annotations, elaborations, or other modifications represent,
as a whole, an original work of authorship. For the purposes of this
License, Derivative Works shall not include works that remain separable
from, or merely link (or bind by name) to the interfaces of, the Work and
Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original
version of the Work and any modifications or additions to that Work or
Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or
Legal Entity authorized to submit on behalf of the copyright owner.
For the purposes of this definition, "submitted" means any form of
electronic, verbal, or written communication sent to the Licensor or its
representatives, including but not limited to communication on electronic
mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of
discussing and improving the Work, but excluding communication that is
conspicuously marked or otherwise designated in writing by the copyright
owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on
behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable copyright license to reproduce, prepare
Derivative Works of, publicly display, publicly perform, sublicense,
and distribute the Work and such Derivative Works in
Source or Object form.
3. Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and
otherwise transfer the Work, where such license applies only to those
patent claims licensable by such Contributor that are necessarily
infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted.
If You institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or
contributory patent infringement, then any patent licenses granted to
You under this License for that Work shall terminate as of the date such
litigation is filed.
4. Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works
thereof in any medium, with or without modifications, and in Source or
Object form, provided that You meet the following conditions:
1. You must give any other recipients of the Work or Derivative Works a
copy of this License; and
2. You must cause any modified files to carry prominent notices stating
that You changed the files; and
3. You must retain, in the Source form of any Derivative Works that You
distribute, all copyright, patent, trademark, and attribution notices from
the Source form of the Work, excluding those notices that do not pertain
to any part of the Derivative Works; and
4. If the Work includes a "NOTICE" text file as part of its distribution,
then any Derivative Works that You distribute must include a readable copy
of the attribution notices contained within such NOTICE file, excluding
those notices that do not pertain to any part of the Derivative Works,
in at least one of the following places: within a NOTICE text file
distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a
display generated by the Derivative Works, if and wherever such
third-party notices normally appear. The contents of the NOTICE file are
for informational purposes only and do not modify the License.
You may add Your own attribution notices within Derivative Works that You
distribute, alongside or as an addendum to the NOTICE text from the Work,
provided that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and may
provide additional or different license terms and conditions for use,
reproduction, or distribution of Your modifications, or for any such
Derivative Works as a whole, provided Your use, reproduction, and
distribution of the Work otherwise complies with the conditions
stated in this License.
5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally
submitted for inclusion in the Work by You to the Licensor shall be under
the terms and conditions of this License, without any additional
terms or conditions. Notwithstanding the above, nothing herein shall
supersede or modify the terms of any separate license agreement you may
have executed with Licensor regarding such Contributions.
6. Trademarks.
This License does not grant permission to use the trade names, trademarks,
service marks, or product names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the NOTICE file.
7. Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor
provides the Work (and each Contributor provides its Contributions)
on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties
or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS
FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks
associated with Your exercise of permissions under this License.
8. Limitation of Liability.
In no event and under no legal theory, whether in tort
(including negligence), contract, or otherwise, unless required by
applicable law (such as deliberate and grossly negligent acts) or agreed
to in writing, shall any Contributor be liable to You for damages,
including any direct, indirect, special, incidental, or consequential
damages of any character arising as a result of this License or out of
the use or inability to use the Work (including but not limited to damages
for loss of goodwill, work stoppage, computer failure or malfunction,
or any and all other commercial damages or losses), even if such
Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose
to offer, and charge a fee for, acceptance of support, warranty,
indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf of any
other Contributor, and only if You agree to indemnify, defend, and hold
each Contributor harmless for any liability incurred by, or claims
asserted against, such Contributor by reason of your accepting any such
warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work
To apply the Apache License to your work, attach the following boilerplate
notice, with the fields enclosed by brackets "[]" replaced with your own
identifying information. (Don't include the brackets!) The text should be
enclosed in the appropriate comment syntax for the file format. We also
recommend that a file or class name and description of purpose be included
on the same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2013 Gareth Rushgrove
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or implied. See the License for the specific language governing
permissions and limitations under the License.