GitHub puppet-letsencrypt
81
81
16
A Puppet module to install the Letsencrypt client and request certificates.

Metadata Valid
No translation
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_VERSION_RANGE}
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
With Operatingsystem Support
No translation
Supports Only Current Centos
No translation
Supports Latest Centos
No translation
Supports Only Current Fedora
No translation
Supports Latest Fedora
No translation
Supports Only Current Ubuntu
No translation
Supports Latest Ubuntu
No translation
Supports Only Current Debian
No translation
Supports Latest Debian
No translation
Supports Only Current Freebsd
No translation
Supports Latest Freebsd
No translation
In Modulesync Repo
No translation
In Plumbing
Is in plumbing
Has Secrets
Has a .sync.yml file
Synced
Has a .msync.yml file
Latest Modulesync
No translation
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
Released
Is in modulesync_config and in forge releases.
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.

Open Pull Requests

Allow setting file group owner

Add new optional parameter to set the group ownership of shipped files

Some Operating Systems (a current OpenBSD release) don't have group 'root' - this PR allows setting the group to something else.
Default of group:root has not changed

This Pull Request (PR) fixes the following issues

N/A

Added support for cron environment in renew class
merge-conflicts
tests-fail

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

I added support to configure environments for the letsencrypt renew cron job. This way it possible to add for example an email address to send the output from the cronjob.

rename environment parameter to unbreak hiera
backwards-incompatible
merge-conflicts
needs-docs
needs-rebase
tests-fail

Fixes #63.
We rename the environment to venv_vars in order to ensure that hiera calls do not break, as soon as a puppet execution flow enters our module. For consistency's sake, we change environment not only in the main class (where it's definitely needed: rodjek/puppet-lint#574), but also in the certonly define.

Add Nginx authenticator plugin to Letsencrypt Puppet module
enhancement
merge-conflicts
tests-fail

Pull Request (PR) description

I added automatic installation of the ...-certbot-nginx-... package when 'plugin' => 'nginx' is given to define letsencrypt::certonly. And i provided an example in Readme.

This Pull Request (PR) fixes the following issues

On Centos for example, when a Nginx web server is running, simply asking Certbot to create or renew certificates is not enough. It requires an additional package or plugin,

modulesync 4.0.0
modulesync
tests-fail

modulesync 4.0.0

Default cert name
backwards-incompatible

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

Use the first domain for $cert_name instead of the $title.

This doesn't change anything if $domains is undefined, or if the $title is already the same as the first argument of the list passed to $domains.

This Pull Request (PR) fixes the following issues

certbot CLI by default will use the first domain as the cert-name and path to store the certificate files.

This puppet module should do the same.

(I separated this PR from #219 to allow merging separately, as this could potentially breaks things as it did when the --cert-name $title was introduced in 8f8e4f98)

Add support for systemd service and timer units to renew.
merge-conflicts

This also adds support for naming services to restart with systemd instead of long-handing it all.
It also adds support for managing firewalls using firewalld for systems that are not meant to be http/https accessible at all times.

These three are essentially the same support and it is difficult to break it up

Again, I would love help knowing quite how to create the CI acceptances for this.

Fix certbot VCS package installation

Pull Request (PR) description

As referenced in #240 the official installation method was changed
in December 2020, deprecating the use of the certbot-auto script,
and recommending snap as the primary package source.

As snap isn't yet a builtin package provider in Puppet and I don't
fancy creating a dependency on a third party module, nor do I want
to add a load of exec commands for managing snap packages I chose
to fix the VCS install method, and since it's used in the CI there's
less to change.

Since we can no longer use the certbot-auto script we should
follow the setup instructions provided by Letsencrypt's development
guide https://certbot.eff.org/docs/contributing.html. Their guide
simply states to call a python script which configures the virtual
environment, and since the script is gone we no longer need the
VENV_PATH environment variable.

As the command needs to create a python virtual environment we
need to add the required package to the VCS dependencies, and from
testing I found there was no need to call the initialisation command
when installing from a package source, so I've made it conditional
to the VCS installation.

I've also taken the opportunity to update the version of certbot
that's checked out during VCS installation since 0.39.0 is now
around 1.5 years old. Version 1.7.0 is the latest version that
is supported by Python 3.5 which is the lowest Python3 version
that's installed by default via package managers.

This Pull Request (PR) fixes the following issues

Fixes #240

Add Cloudflare DNS plugin support

Pull Request (PR) description

Adding feature support for the Certbot DNS Cloudflare plugin.

The plugin itself allows for two types of authentication, API token or Global API Key and corresponding Email so both are supported in this change.

Cloudflare recommends API tokens as they're more secure, so this module will prioritize token authentication over key authentication if both are provided.

This Pull Request (PR) fixes the following issues

n/a

Add certbot-dns-ovh plugin support
merge-conflicts
tests-fail

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

Add dns-ovh support based on dns_rfc2136 implementation