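# @summary Manages a single certbot certificate: its ini config file, its
#   domains file, and the execs that obtain and refresh it.
#
# The ini file is built from three hashes merged left to right
# (`$letsencrypt::config_` + local defaults + `$config`), so a key given in
# `$config` overrides the local defaults below, including `cert-name` and
# `authenticator`.
#
# @param cert_name
#   Name of the certificate, can be anything, but $::fqdn is recommended.
#   It also names the ini/domains files and the certbot lineage directory
#   under `$letsencrypt::cert_dir`.
# @param ensure
#   Present or absent (currently does nothing: every resource below is
#   always declared as present).
# @param include_self
#   Should the certificate's name be one of its domains?
# @param authenticator
#   How should the challenge be handled. The matching
#   `letsencrypt::authenticator::<authenticator>` class is included.
# @param domains
#   List of domains to add to the certificate.
# @param config
#   Additional certbot ini options for this entry; merged last, so they
#   take precedence over the defaults.
define letsencrypt::cert (
  Letsencrypt::Authenticator $authenticator,
  String $cert_name = $name,
  Enum['present', 'absent'] $ensure = 'present',
  Boolean $include_self = true,
  Array[String] $domains = [],
  Hash[String, Any] $config = {},
) {
  $conf_file = "${letsencrypt::config_dir}/${cert_name}.ini"
  $domain_file = "${letsencrypt::config_dir}/${cert_name}.domains"

  include "::letsencrypt::authenticator::${authenticator}"

  # Per-certificate defaults. Any of these can be overridden by a caller
  # through $config, because $config is merged last.
  $local_conf = {
    'cert-name'           => $cert_name,
    'rsa-key-size'        => 4096,
    'authenticator'       => $authenticator,
    'agree-tos'           => true,
    'quiet'               => true,
    'keep-until-expiring' => true,
    'non-interactive'     => true,
  }
  $conf = $letsencrypt::config_ + $local_conf + $config

  # NOTE(review): everything in $config is written verbatim into this ini.
  # No owner/group/mode is set, so Puppet's default mode applies (typically
  # world-readable); if callers pass sensitive options, consider adding
  # `mode => '0640'` here — confirm first that nothing non-root reads it.
  file { $conf_file:
    ensure  => file,
    content => epp("${module_name}/ini.epp", { 'values' => $conf }),
  }

  # Domains file assembled from letsencrypt::domain fragments (one per domain).
  concat { $domain_file:
    ensure_newline => true,
    warn           => true,
  }

  $domains.each |$domain| {
    letsencrypt::domain { $domain:
      cert_name => $cert_name,
    }
  }

  # In Puppet `!` binds tighter than `in`, so `! $cert_name in $domains`
  # parses as `(!$cert_name) in $domains` and is always false, which silently
  # disabled include_self. Parenthesise to negate the membership test.
  if $include_self and !($cert_name in $domains) {
    letsencrypt::domain { $cert_name:
      cert_name => $cert_name,
    }
  }

  letsencrypt::renew { $cert_name: }

  # Obtains the certificate the first time; `creates` makes this a no-op once
  # the lineage directory exists.
  #
  # This might be incorrect. If a certificate of that name already
  # exists then the new certificate will instead be called
  # ${cert-name}-0001. See
  # https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates
  exec { "letsencrypt - get initial ${cert_name}":
    creates => "${letsencrypt::cert_dir}/${cert_name}",
    command => [$letsencrypt::renew::setup::renew_script, $cert_name],
    require => File[$letsencrypt::renew::setup::renew_script],
  }

  # Re-runs the renew script only when the ini or domains file changes.
  exec { "letsencrypt - refresh ${cert_name}":
    command     => [$letsencrypt::renew::setup::renew_script, $cert_name],
    subscribe   => [File[$conf_file], Concat[$domain_file]],
    refreshonly => true,
    require     => File[$letsencrypt::renew::setup::renew_script],
  }
}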