# Reference

## Table of Contents

### Classes

#### Public Classes

* [`letsencrypt`](#letsencrypt): Sets up letsencrypt for other classes
* [`letsencrypt::authenticator::nginx`](#letsencrypt--authenticator--nginx): Sets up nginx specific configuration, and provides access to variables for interpolating into nginx configurations. These use the default cer

#### Private Classes

* `letsencrypt::renew::cron::setup`: Handles certificate renewal through CRON
* `letsencrypt::renew::setup`: Sets up timers for automatically renewing certificates
* `letsencrypt::renew::systemd::setup`: Handles certificate renewal through systemd timers

### Defined types

#### Public Defined types

* [`letsencrypt::cert`](#letsencrypt--cert): A single certificate
* [`letsencrypt::domain`](#letsencrypt--domain): A single domain name which should be part of a certificate

#### Private Defined types

* `letsencrypt::renew`: Configures automatic renewal for the given certificate
* `letsencrypt::renew::systemd`

### Functions

* [`letsencrypt::conf::nginx`](#letsencrypt--conf--nginx): Returns a hash to be merged into an `nginx::resource::server` resource's parameters.
* [`letsencrypt::conf::nginx::location`](#letsencrypt--conf--nginx--location): Returns a hash to be merged into an `nginx::resource::location` resource.

### Data types

* [`Letsencrypt::Authenticator`](#Letsencrypt--Authenticator): Known authenticator types
* [`Letsencrypt::Renewal_provider`](#Letsencrypt--Renewal_provider): Known backends which can keep track of when to issue renewal requests.
* [`Letsencrypt::Ssl_conf::Nginx`](#Letsencrypt--Ssl_conf--Nginx): SSL configuration hash for nginx
* [`Letsencrypt::Ssl_conf::Nginx::Location`](#Letsencrypt--Ssl_conf--Nginx--Location): SSL configuration for a single nginx location.

## Classes

### `letsencrypt`

Sets up letsencrypt for other classes

#### Parameters

The following parameters are available in the `letsencrypt` class:

* [`email`](#-letsencrypt--email)
* [`manage_package`](#-letsencrypt--manage_package)
* [`certbot_package`](#-letsencrypt--certbot_package)
* [`server`](#-letsencrypt--server)
* [`renewal_provider`](#-letsencrypt--renewal_provider)
* [`config`](#-letsencrypt--config)

##### `email`

Data type: `String`

Contact email sent to letsencrypt

##### `manage_package`

Data type: `Boolean`

Whether the certbot package resource should be managed by this class

Default value: `true`

##### `certbot_package`

Data type: `String`

Name of the certbot package. Should be automatically set through hiera.

Default value: `'certbot'`

##### `server`

Data type: `String`

Server providing ACME challenge

Default value: `'https://acme-v02.api.letsencrypt.org/directory'`

##### `renewal_provider`

Data type: `Letsencrypt::Renewal_provider`

Service responsible for periodically renewing the certificate

##### `config`

Data type: `Hash[String, Any]`

Default configuration values to pass to certbot. `$server` and `$email` are added here if not explicitly set. It is later merged with a specific instance for each certificate.

Default value: `{}`

### `letsencrypt::authenticator::nginx`

Sets up nginx specific configuration, and provides access to variables for interpolating into nginx configurations. These use the default cert name.

#### Parameters

The following parameters are available in the `letsencrypt::authenticator::nginx` class:

* [`certbot_plugin_package`](#-letsencrypt--authenticator--nginx--certbot_plugin_package)
* [`manage_package`](#-letsencrypt--authenticator--nginx--manage_package)

##### `certbot_plugin_package`

Data type: `String`

Name of the system package providing this plugin. Populated through hiera.

##### `manage_package`

Data type: `Boolean`

Whether this class should manage the package.

Default value: `true`

## Defined types

### `letsencrypt::cert`

A single certificate

#### Parameters

The following parameters are available in the `letsencrypt::cert` defined type:

* [`cert_name`](#-letsencrypt--cert--cert_name)
* [`ensure`](#-letsencrypt--cert--ensure)
* [`include_self`](#-letsencrypt--cert--include_self)
* [`authenticator`](#-letsencrypt--cert--authenticator)
* [`domains`](#-letsencrypt--cert--domains)
* [`config`](#-letsencrypt--cert--config)

##### `cert_name`

Data type: `String`

Name of the certificate. It can be anything, but `$::fqdn` is recommended.

Default value: `$name`

##### `ensure`

Data type: `Enum['present', 'absent']`

Present or absent (currently does nothing)

Default value: `'present'`

##### `include_self`

Data type: `Boolean`

Should the certificate's name be one of its domains?

Default value: `true`

##### `authenticator`

Data type: `Letsencrypt::Authenticator`

How the challenge should be handled.

##### `domains`

Data type: `Array[String]`

List of domains to add to the certificate

Default value: `[]`

##### `config`

Data type: `Hash[String, Any]`

Additional config for this entry

Default value: `{}`

### `letsencrypt::domain`

A single domain name which should be part of a certificate

#### Parameters

The following parameters are available in the `letsencrypt::domain` defined type:

* [`cert_name`](#-letsencrypt--domain--cert_name)
* [`domain_name`](#-letsencrypt--domain--domain_name)

##### `cert_name`

Data type: `String`

Which certificate this domain name belongs to

##### `domain_name`

Data type: `String`

The domain name to be added

Default value: `$name`

## Functions

### `letsencrypt::conf::nginx`

Type: Puppet Language

Returns a hash to be merged into an `nginx::resource::server` resource's parameters.

#### `letsencrypt::conf::nginx(String $cert_name)`

Returns a hash to be merged into an `nginx::resource::server` resource's parameters.

Returns: `Letsencrypt::Ssl_conf::Nginx` hash usable with `nginx::resource::server`

##### `cert_name`

Data type: `String`

Name of the domain in question, NOT the local certificate name.

### `letsencrypt::conf::nginx::location`

Type: Puppet Language

Returns a hash to be merged into an `nginx::resource::location` resource.

#### `letsencrypt::conf::nginx::location(String $cert_name)`

Returns a hash to be merged into an `nginx::resource::location` resource.

Returns: `Letsencrypt::Ssl_conf::Nginx::Location` hash usable with `nginx::resource::location`

##### `cert_name`

Data type: `String`

Domain for which we want the configuration. NOT the local certificate name.

## Data types

### `Letsencrypt::Authenticator`

Known authenticator types

Alias of `Enum['nginx']`

### `Letsencrypt::Renewal_provider`

Known backends which can keep track of when to issue renewal requests.

Alias of `Enum['systemd', 'cron']`

### `Letsencrypt::Ssl_conf::Nginx`

Will either have `ssl` set to false, or `ssl` set to true, along with appropriate ssl parameters.

Alias of

```puppet
Variant[Struct[{
    ssl => Boolean,
  }], Struct[{
    ssl          => Boolean,
    ssl_redirect => Boolean,
    ssl_cert     => String,
    ssl_key      => String,
  }]]
```

### `Letsencrypt::Ssl_conf::Nginx::Location`

SSL configuration for a single nginx location.

Alias of

```puppet
Variant[Struct[{
    ssl => Boolean,
  }], Struct[{
    ssl      => Boolean,
    ssl_only => Boolean,
  }]]
```
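
## Usage example

The following manifest is an added example, not part of the module's own documentation, showing how the classes, defined types and functions above fit together. It assumes the puppet-nginx module provides `nginx::resource::server` and `nginx::resource::location`; the host names, e-mail address and paths are constructed.

```puppet
# Added example; all host names, the address and paths are constructed.
# Assumes the puppet-nginx module (class nginx, nginx::resource::*) is installed.
include nginx

class { 'letsencrypt':
  email            => 'hostmaster@example.com',
  renewal_provider => 'systemd',
  # While testing, point at the Let's Encrypt staging directory so failed
  # runs do not count against production rate limits:
  # server => 'https://acme-staging-v02.api.letsencrypt.org/directory',
}

# Assumption: the plugin package name is resolved from the module's hiera data.
include letsencrypt::authenticator::nginx

# One certificate named after the host; include_self (default true) makes
# 'web01.example.com' one of its domains.
letsencrypt::cert { 'web01.example.com':
  authenticator => 'nginx',
  domains       => ['www.example.com'],
}

# A further domain attached to the same certificate from elsewhere in the catalog.
letsencrypt::domain { 'static.example.com':
  cert_name => 'web01.example.com',
}

# The conf functions take the DOMAIN being served, not the certificate name.
# The result is either { ssl => false } or the full ssl_* set, so it is
# splatted in rather than hard-coding certificate paths.
nginx::resource::server { 'www.example.com':
  www_root => '/var/www/www.example.com',
  *        => letsencrypt::conf::nginx('www.example.com'),
}

nginx::resource::location { 'www.example.com-downloads':
  server   => 'www.example.com',
  location => '/downloads',
  www_root => '/var/www/downloads',
  *        => letsencrypt::conf::nginx::location('www.example.com'),
}
```

Because the returned hash already carries `ssl`, `ssl_cert` and `ssl_key` when applicable, setting any of those keys explicitly on the same resource would be a duplicate-attribute error.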