Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

iis_letsencrypt

Puppet Module for requesting LetsEncrypt certificate and deploying it to IIS on Windows
Project URLRSS FeedReport issues

6,470 downloads

6,470 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.1.0 (latest)
released Nov 3rd 2017
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'slenky-iis_letsencrypt', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add slenky-iis_letsencrypt
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install slenky-iis_letsencrypt --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

slenky/iis_letsencrypt — version 0.1.0 Nov 3rd 2017

iis_letsencrypt

Table of Contents

  1. Description
  2. Setup - The basics of getting started with iis_letsencrypt
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

Puppet module designed to request and deploy valid SSL certificates from LetsEncrypt via ACME and deploy them to Windows Certificate Store and apply to your site. Also it would check certificate expire date on every Puppet run and reissue the certificate if needed.

Implemented via Custom Provider with self.instances & prefetch.

Big thanks to puppetlabs-iis module where I got powershell workarounds and to developers of acme-client

Setup

What iis_letsencrypt affects

This module fully affects:

  • Automatically installing Rubygems Dependencies
  • Creating/removing virtual directories in IIS for new requests.
  • Requesting new certificate via ACME, save it in Certificate Store and deploy to IIS Site.

Setup Requirements

This module works perfectly with puppetlabs-iis module, so feel free to work with it but it's not actually a requrement.

Beginning with iis_letsencrypt

Usage

Full example with IIS you'd able to find in examples/init.pp file.

ssl_cert { $mydomain1:
  ensure           => present,
  staging          => true,
  remove_http_bind => true,
  cert_pass        => '12345',
  cert_path        => 'C:\\certs',
  contact_email    => 'email@example.com',
  physicalpath     => 'C:\\mysite\\virtualfolder'
}

Reference

ssl_cert resource

name

Name specifies sitename in IIS where cert should apply to.

domain

If your domain name is not the same as your site name you could specify it in thus section. Defaults to :name.

staging

Boolean. Should we use staging letsencrypt environment on true. Defaults to false

remove_http_bind

Boolean. Should provider remove http bind after activation of certificate.

cert_pass

Password for PFX cert file.

cert_path

Where we should store PFX and PEM files.

remove_certfiles

Boolean. Should we use remove certificate files from your file system. Defaults to true

contact_email

Contact Email of person for whom cert applies to.

physicalpath

Physical path on your machine for .well-known virtual directory

Also this module contains custom fact generator for getting SSL thumbprints. You could use them as $ssl_ + domain name without dots i.e $ssl_examplecom or $ssl_facebookcom

Limitations

Only Windows with Ruby >= 2.1.0 Tested on Win2012R2 with IIS 8.5

Development

Feel free to fork, pull requests and so on.