GitHub puppet-letsencrypt

A Puppet module to install the Letsencrypt client and request certificates.

Add new optional parameter to set the group ownership of shipped files

Some Operating Systems (a current OpenBSD release) don't have group 'root' - this PR allows setting the group to something else.
Default of group:root has not changed

This Pull Request (PR) fixes the following issues

N/A

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

I added support to configure environments for the letsencrypt renew cron job. This way it possible to add for example an email address to send the output from the cronjob.

Fixes #63.
We rename the environment to venv_vars in order to ensure that hiera calls do not break, as soon as a puppet execution flow enters our module. For consistency's sake, we change environment not only in the main class (where it's definitely needed: rodjek/puppet-lint#574), but also in the certonly define.

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Use the first domain for $cert_name instead of the $title.

This doesn't change anything if $domains is undefined, or if the $title is already the same as the first argument of the list passed to $domains.

This Pull Request (PR) fixes the following issues

certbot CLI by default will use the first domain as the cert-name and path to store the certificate files.

This puppet module should do the same.

(I separated this PR from #219 to allow merging separately, as this could potentially breaks things as it did when the --cert-name $title was introduced in 8f8e4f98)

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Add dns-ovh support based on dns_rfc2136 implementation

Pull Request (PR) description

I added automatic installation of the ...-certbot-nginx-... package when 'plugin' => 'nginx' is given to define letsencrypt::certonly. And i provided an example in Readme.

This Pull Request (PR) fixes the following issues

On Centos for example, when a Nginx web server is running, simply asking Certbot to create or renew certificates is not enough. It requires an additional package or plugin,

Pull Request (PR) description

Adding feature support for the Certbot DNS Cloudflare plugin.

The plugin itself allows for two types of authentication, API token or Global API Key and corresponding Email so both are supported in this change.

Cloudflare recommends API tokens as they're more secure, so this module will prioritize token authentication over key authentication if both are provided.

This Pull Request (PR) fixes the following issues

n/a

Pull Request (PR) description

My apologies on missing this. In testing https://github.com/voxpupuli/puppet-letsencrypt/pull/254 I had manually enable the python36 module stream at some point before hand, but after running on a fresh install I realized certbot requires this module stream to be enabled per:

Error: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering
Error: /Stage[main]/Letsencrypt::Install/Package[letsencrypt]/ensure: change from 'purged' to 'present' failed: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering


This Pull Request (PR) fixes the following issues

Fixes #236

This also adds support for naming services to restart with systemd instead of long-handing it all.
It also adds support for managing firewalls using firewalld for systems that are not meant to be http/https accessible at all times.

These three are essentially the same support and it is difficult to break it up

Again, I would love help knowing quite how to create the CI acceptances for this.

Fixed bugs:

• Don't use reserved words #273 (nod0n)

Pull Request (PR) description

letsencrypt::certonly required letsencrypt and when passing a
certificate list to $letsencrypt::certificates, it created a dependency
cycle.

This problem was discussed in slack: https://puppetcommunity.slack.com/archives/C0W1Y5VL0/p1642680497025900