GitHub puppet-letsencrypt
A Puppet module to install the Letsencrypt client and request certificates.

Repo Checks ( 23 of 28 successfull )
Metadata Valid
No translation
passed
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
passed
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
passed
With Operatingsystem Support
No translation
passed
Operatingsystems
No translation
passed
Supports Only Current Almalinux
No translation
passed
Supports Latest Almalinux
No translation
failed
Supports Only Current Centos
No translation
passed
Supports Latest Centos
No translation
failed
Supports Only Current Redhat
No translation
passed
Supports Latest Redhat
No translation
passed
Supports Only Current Fedora
No translation
passed
Supports Latest Fedora
No translation
passed
Supports Only Current Ubuntu
No translation
passed
Supports Latest Ubuntu
No translation
failed
Supports Only Current Debian
No translation
passed
Supports Latest Debian
No translation
passed
Supports Only Current Openbsd
No translation
passed
Supports Latest Openbsd
No translation
failed
Supports Only Current Freebsd
No translation
passed
Supports Latest Freebsd
No translation
passed
In Modulesync Repo
Is listed as a module managed using modulesync_config
passed
Synced
Has a .msync.yml file
passed
Latest Modulesync
Has been synchronized with the latest tagged version of modulesync_config
failed
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
passed
Released
Is in modulesync_config and in forge releases.
passed
Valid Sync File
If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
passed
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.
passed

Open Pull Requests

Allow setting file group owner
merge-conflicts

Add new optional parameter to set the group ownership of shipped files

Some Operating Systems (a current OpenBSD release) don't have group 'root' - this PR allows setting the group to something else.
Default of group:root has not changed

This Pull Request (PR) fixes the following issues

N/A

Open PR in GitHub
Added support for cron environment in renew class
merge-conflicts
tests-fail

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

I added support to configure environments for the letsencrypt renew cron job. This way it possible to add for example an email address to send the output from the cronjob.

Open PR in GitHub
Add certbot-dns-ovh plugin support
merge-conflicts
tests-fail

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

Add dns-ovh support based on dns_rfc2136 implementation

Open PR in GitHub
Allow using the 'manual' plugin

Adds manual as an allowed plugin value.

On a system I manage, I needed to run custom scripts during authentication. With this change, I can use a config like this:
puppet
letsencrypt::certonly { '…':
plugin => 'manual',
additional_args => ['--manual-auth-hook …', '--manual-cleanup-hook …'],

}

See also #89.

Open PR in GitHub
Support logging cron output
backwards-incompatible

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

<!--
Replace this comment with a description of your pull request.
-->

Allow logging letsencrypt renewal output. So far hoping this will be useful when post_commands don't fire, so debug what's going wrong there.

Open PR in GitHub
Add support for systemd service and timer units to renew.
merge-conflicts

This also adds support for naming services to restart with systemd instead of long-handing it all.
It also adds support for managing firewalls using firewalld for systems that are not meant to be http/https accessible at all times.

These three are essentially the same support and it is difficult to break it up

Again, I would love help knowing quite how to create the CI acceptances for this.

Open PR in GitHub
Add Nginx authenticator plugin to Letsencrypt Puppet module
enhancement
merge-conflicts
tests-fail

Pull Request (PR) description

I added automatic installation of the ...-certbot-nginx-... package when 'plugin' => 'nginx' is given to define letsencrypt::certonly. And i provided an example in Readme.

This Pull Request (PR) fixes the following issues

On Centos for example, when a Nginx web server is running, simply asking Certbot to create or renew certificates is not enough. It requires an additional package or plugin,

Open PR in GitHub
rename environment parameter to unbreak hiera
backwards-incompatible
merge-conflicts
needs-docs
needs-rebase
tests-fail

Fixes #63.
We rename the environment to venv_vars in order to ensure that hiera calls do not break, as soon as a puppet execution flow enters our module. For consistency's sake, we change environment not only in the main class (where it's definitely needed: rodjek/puppet-lint#574), but also in the certonly define.

Open PR in GitHub
Change the default `cron_hour` to twice a day
enhancement
merge-conflicts

Pull Request (PR) description

Change the random seed per hour for letsencrypt::certonly cronjob resource.

This Pull Request (PR) fixes the following issues

Fixes #47

Open PR in GitHub
add option for removing cron provided by distro pkgs

Pull Request (PR) description

This PR aims at removing the system cron or systemd timer when the renew cron is managed by puppet (this doesn't handle certonly cron). If we don't do that on certains distro (for exemple Debian), a cron will be automaticaly added by the package and might renew the certificate before the puppet cron, and thus the puppet renew hooks won't be executed.

This Pull Request (PR) fixes the following issues

Fixes #164

Open PR in GitHub
Add environment parameter to renew cron

Pull Request (PR) description

This PR add an option for adding environment to the global renew cron, this is useful for example with the nginx certbot plugin which somehow can't find nginx if the PATH in the cron doesn't include /usr/sbin.

This PR is similar to #189 which doesn't seem really active.

This Pull Request (PR) fixes the following issues

Fixes: #250 (well kind of, it doesn't directly fix this, but it allows to add the PATH in the cron which will fix the problem).

Open PR in GitHub
Default cert name
backwards-incompatible

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

Use the first domain for $cert_name instead of the $title.

This doesn't change anything if $domains is undefined, or if the $title is already the same as the first argument of the list passed to $domains.

This Pull Request (PR) fixes the following issues

certbot CLI by default will use the first domain as the cert-name and path to store the certificate files.

This puppet module should do the same.

(I separated this PR from #219 to allow merging separately, as this could potentially breaks things as it did when the --cert-name $title was introduced in 8f8e4f98)

Open PR in GitHub
(#236) Enable python module stream on EL8
merge-conflicts

Pull Request (PR) description

My apologies on missing this. In testing https://github.com/voxpupuli/puppet-letsencrypt/pull/254 I had manually enable the python36 module stream at some point before hand, but after running on a fresh install I realized certbot requires this module stream to be enabled per:

Error: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering
Error: /Stage[main]/Letsencrypt::Install/Package[letsencrypt]/ensure: change from 'purged' to 'present' failed: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering

This Pull Request (PR) fixes the following issues

Fixes #236

Open PR in GitHub