Install SSL certificates
Puppet-Finland team

Puppet-Finland team



4,036 latest version

3.1 quality score

Version information

  • 0.1.3 (latest)
  • 0.1.2
  • 0.1.1
released Jul 3rd 2019
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • CentOS

Start using this module


puppetfinland/sslcert — version 0.1.3 Jul 3rd 2019


A Puppet module for managing one or more sets of SSL certificates. A set is composed of a certificate and a key, and an optional CA bundle. The bundle may be used as is (for Apache2) or combined with the certificate (for nginx).

This module can be safely used even if the webserver is not managed by Puppet. Even in that case it can notify the defined webserver service when any of the files have changed.

Module usage

First put your certificates to the Puppet fileserver under the "files" directory and name them like this:

  • sslcert-${basename}.crt
  • sslcert-${basename}.key

Where ${basename} defaults to the title of the ::sslcert::set defined resource. If you want to install a CA bundle, simply copy it to the "files" directory and pass the filename, including the file extension, as the $bundlefile parameter of the ::sslcert::set resource. Next a few examples using Hiera.

You always need to include the main class, unless you create your resources using create_resource functions in site.pp:

include ::sslcert

Install a certificate, key and a separate bundle file (e.g. for apache2).

        bundlefile: 'ca-bundle.crt'

The same as above, but for nginx:

        bundlefile: 'ca-bundle.crt'
        embed_bundle: true

Only install a certificate and a key, omitting the bundle:

sslcert::sets: {}

You can of course define as many ::sslcert::set resources as you need.

Example of usage from within a node manifest:

$sets = { '' => { 'bundlefile'   => 'ca-bundle.crt',
                                'embed_bundle' => false,

class { '::sslcert':
    sets => $sets,

Usage from another class, without having the ::sslcert main class as a middleman:

include ::sslcert

sslcert::set { '':
    bundlefile   => 'ca-bundle.crt',
    embed_bundle => false,