# Reference
## Table of Contents
### Classes
#### Public Classes
* [`letsencrypt`](#letsencrypt): Sets up letsencrypt for other classes
* [`letsencrypt::authenticator::nginx`](#letsencrypt--authenticator--nginx): Sets up nginx specific configuration, and provides access to variables for enterpolating into nginx configurations These use the default cer
#### Private Classes
* `letsencrypt::renew::cron::setup`: Handles renewal certificates through CRON
* `letsencrypt::renew::setup`: Sets up timers for automatically renewing certificates
* `letsencrypt::renew::systemd::setup`: Handles renewal certificates through systemd timers
### Defined types
#### Public Defined types
* [`letsencrypt::cert`](#letsencrypt--cert): A single certificate
* [`letsencrypt::domain`](#letsencrypt--domain): A single domain name which should be part of a certificate
#### Private Defined types
* `letsencrypt::renew`: Configures automatic renewal for the given certificate
* `letsencrypt::renew::systemd`
### Functions
* [`letsencrypt::conf::nginx`](#letsencrypt--conf--nginx): Returns a hash to be merged into a nginx::resource::server resources parameters.
* [`letsencrypt::conf::nginx::location`](#letsencrypt--conf--nginx--location): Returns a hash to be merged into a nginx::resource::location resource.
### Data types
* [`Letsencrypt::Authenticator`](#Letsencrypt--Authenticator): Known authenticator types
* [`Letsencrypt::Renewal_provider`](#Letsencrypt--Renewal_provider): Known backends which can keep track of when to issue renewal requests.
* [`Letsencrypt::Ssl_conf::Nginx`](#Letsencrypt--Ssl_conf--Nginx): SSL configuration hash for nginx
* [`Letsencrypt::Ssl_conf::Nginx::Location`](#Letsencrypt--Ssl_conf--Nginx--Location): SSL configuration for a single nginx location.
## Classes
### `letsencrypt`
Sets up letsencrypt for other classes
#### Parameters
The following parameters are available in the `letsencrypt` class:
* [`email`](#-letsencrypt--email)
* [`manage_package`](#-letsencrypt--manage_package)
* [`certbot_package`](#-letsencrypt--certbot_package)
* [`server`](#-letsencrypt--server)
* [`renewal_provider`](#-letsencrypt--renewal_provider)
* [`config`](#-letsencrypt--config)
##### `email`
Data type: `String`
Contact email sent to letsencrypt
##### `manage_package`
Data type: `Boolean`
Should the certbot package resource be managed by this class
Default value: `true`
##### `certbot_package`
Data type: `String`
Name of the certbot package. Should be automatically set through hiera.
Default value: `'certbot'`
##### `server`
Data type: `String`
Server providing ACME challenge
Default value: `'https://acme-v02.api.letsencrypt.org/directory'`
##### `renewal_provider`
Data type: `Letsencrypt::Renewal_provider`
Service responsible for periodically renewing the certificate
##### `config`
Data type: `Hash[String, Any]`
Default configuration values to pass to certbot. $server and
$email is added here if not explicitly set. It's later merged with
a specific instance for each certificate.
Default value: `{}`
### `letsencrypt::authenticator::nginx`
Sets up nginx specific configuration, and provides access to
variables for enterpolating into nginx configurations
These use the default cert name
#### Parameters
The following parameters are available in the `letsencrypt::authenticator::nginx` class:
* [`certbot_plugin_package`](#-letsencrypt--authenticator--nginx--certbot_plugin_package)
* [`manage_package`](#-letsencrypt--authenticator--nginx--manage_package)
##### `certbot_plugin_package`
Data type: `String`
Name of the system package providing this plugin.
Populated through hiera.
##### `manage_package`
Data type: `Boolean`
If this class should manage the package.
Default value: `true`
## Defined types
### `letsencrypt::cert`
A single certificate
#### Parameters
The following parameters are available in the `letsencrypt::cert` defined type:
* [`cert_name`](#-letsencrypt--cert--cert_name)
* [`ensure`](#-letsencrypt--cert--ensure)
* [`include_self`](#-letsencrypt--cert--include_self)
* [`authenticator`](#-letsencrypt--cert--authenticator)
* [`domains`](#-letsencrypt--cert--domains)
* [`config`](#-letsencrypt--cert--config)
##### `cert_name`
Data type: `String`
Name of the certificate, can be anything, but $::fqdn is recommended
Default value: `$name`
##### `ensure`
Data type: `Enum['present', 'absent']`
Present or absent (currently does nothing)
Default value: `'present'`
##### `include_self`
Data type: `Boolean`
Should the certificates name be one of its domains?
Default value: `true`
##### `authenticator`
Data type: `Letsencrypt::Authenticator`
How should the challenge be handled.
##### `domains`
Data type: `Array[String]`
List of domains to add to certificate
Default value: `[]`
##### `config`
Data type: `Hash[String, Any]`
Additional config for this entry
Default value: `{}`
### `letsencrypt::domain`
A single domain name which should be part of a certificate
#### Parameters
The following parameters are available in the `letsencrypt::domain` defined type:
* [`cert_name`](#-letsencrypt--domain--cert_name)
* [`domain_name`](#-letsencrypt--domain--domain_name)
##### `cert_name`
Data type: `String`
Which certificate this domain name belongs to
##### `domain_name`
Data type: `String`
The domain name to be added
Default value: `$name`
## Functions
### `letsencrypt::conf::nginx`
Type: Puppet Language
Returns a hash to be merged into a nginx::resource::server resources
parameters.
#### `letsencrypt::conf::nginx(String $cert_name)`
Returns a hash to be merged into a nginx::resource::server resources
parameters.
Returns: `Letsencrypt::Ssl_conf::Nginx` hash usable with nginx::resource::server
##### `cert_name`
Data type: `String`
name of the domain in question, NOT the local certificate name.
### `letsencrypt::conf::nginx::location`
Type: Puppet Language
Returns a hash to be merged into a nginx::resource::location resource.
#### `letsencrypt::conf::nginx::location(String $cert_name)`
Returns a hash to be merged into a nginx::resource::location resource.
Returns: `Letsencrypt::Ssl_conf::Nginx::Location` hash usable with nginx::resource::location
##### `cert_name`
Data type: `String`
Domain for which we want the configuration.
NOT the local certificate name.
## Data types
### `Letsencrypt::Authenticator`
Known authenticator types
Alias of `Enum['nginx']`
### `Letsencrypt::Renewal_provider`
Known backends which can keep track of when to issue renewal
requests.
Alias of `Enum['systemd', 'cron']`
### `Letsencrypt::Ssl_conf::Nginx`
Will either have ssl set to false, or ssl set to true, along with
appropriate ssl parameters.
Alias of
```puppet
Variant[Struct[{
ssl => Boolean,
}], Struct[{
ssl => Boolean,
ssl_redirect => Boolean,
ssl_cert => String,
ssl_key => String,
}]]
```
### `Letsencrypt::Ssl_conf::Nginx::Location`
SSL configuration for a single nginx location.
Alias of
```puppet
Variant[Struct[{
ssl => Boolean,
}], Struct[{
ssl => Boolean,
ssl_only => Boolean,
}]]
```