GitHub puppet-letsencrypt
A Puppet module to install the Letsencrypt client and request certificates.

Repo Checks (23 of 28 successful)

| Check | Description | Result |
| --- | --- | --- |
| Metadata Valid | | passed |
| Correct Puppet Version Range | Supported Puppet version range is %{PUPPET_SUPPORT_RANGE} | passed |
| With Puppet Version Range | Puppet version range is present in requirements in metadata.json | passed |
| With Operatingsystem Support | | passed |
| Operatingsystems | | passed |
| Supports Only Current Almalinux | | passed |
| Supports Latest Almalinux | | failed |
| Supports Only Current Centos | | passed |
| Supports Latest Centos | | failed |
| Supports Only Current Redhat | | passed |
| Supports Latest Redhat | | passed |
| Supports Only Current Fedora | | passed |
| Supports Latest Fedora | | passed |
| Supports Only Current Ubuntu | | passed |
| Supports Latest Ubuntu | | failed |
| Supports Only Current Debian | | passed |
| Supports Latest Debian | | passed |
| Supports Only Current Openbsd | | passed |
| Supports Latest Openbsd | | failed |
| Supports Only Current Freebsd | | passed |
| Supports Latest Freebsd | | passed |
| In Modulesync Repo | Is listed as a module managed using modulesync_config | passed |
| Synced | Has a .msync.yml file | passed |
| Latest Modulesync | Has been synchronized with the latest tagged version of modulesync_config | failed |
| Has Modulesync | Is present in voxpupuli/modulesync_config/managed_modules.yml | passed |
| Released | Is in modulesync_config and in forge releases. | passed |
| Valid Sync File | If a (optional) sync file is present, it must not contain a `.travis.yml` entry. | passed |
| Reference Dot Md | The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing. | passed |

Open Pull Requests

use gid 0 rather than group 'root' to let the module work on BSDs.

Pull Request (PR) description

On FreeBSD and OpenBSD gid 0 is 'wheel', not 'root' and it will fail.
Using gid 0 corrects this simply.

This Pull Request (PR) fixes the following issues

I didn't find an issue for this, but the PR #231 is similar.

Add support for specifying key type
enhancement
needs-work

Pull Request (PR) description

Allow specifying which key type to generate. Certbot changed its default from rsa to elliptic curve, but I kept the default to rsa for backwards compatibility.

Add certbot-dns-ovh plugin support
merge-conflicts
tests-fail

Pull Request (PR) description

Add dns-ovh support based on dns_rfc2136 implementation

rename environment parameter to unbreak hiera
backwards-incompatible
merge-conflicts
needs-docs
needs-rebase
tests-fail

Fixes #63.
We rename the environment to venv_vars in order to ensure that hiera calls do not break, as soon as a puppet execution flow enters our module. For consistency's sake, we change environment not only in the main class (where it's definitely needed: rodjek/puppet-lint#574), but also in the certonly define.

Change the default `cron_hour` to twice a day
enhancement
merge-conflicts

Pull Request (PR) description

Change the random seed per hour for letsencrypt::certonly cronjob resource.

This Pull Request (PR) fixes the following issues

Fixes #47

add option for removing cron provided by distro pkgs
merge-conflicts
enhancement

Pull Request (PR) description

This PR aims at removing the system cron or systemd timer when the renew cron is managed by puppet (this doesn't handle certonly cron). If we don't do that on certain distros (for example Debian), a cron will be automatically added by the package and might renew the certificate before the puppet cron, and thus the puppet renew hooks won't be executed.

This Pull Request (PR) fixes the following issues

Fixes #164

modulesync 5.4.0
modulesync

modulesync 5.4.0

Add dns-azure to allowed plugins
enhancement

Pull Request (PR) description

Add dns-azure to list of allowed plugins.

This is one of the 3rd party plugins listed at https://eff-certbot.readthedocs.io/en/stable/using.html#third-party-plugins

Caveat

I'm currently using this module on my branch on a RHEL 9 host, but the only caveat is the fastest way I found to get the plugin working was via the snap package:

```puppet
include snap

package { 'certbot':
  ensure          => installed,
  provider        => 'snap',
  install_options => ['classic'],
}

file { '/usr/bin/certbot':
  ensure  => link,
  source  => '/snap/bin/certbot',
  require => Package['certbot'],
}

package { 'certbot-dns-azure':
  ensure          => installed,
  provider        => 'snap',
  install_options => ['channel=edge'],
  require         => Package['certbot'],
}
```

And also had to run `snap set certbot trust-plugin-with-root=ok` before the last package resource, but didn't take the time yet to examine what changed on disk in order to create an exec resource to do that.

Avoid race condition when renewing certificates
bug

Pull Request (PR) description

This PR makes sure that only a single certificate can be processed at the same time. Make sure to obtain an exclusive lock before executing the renewal command.

The `flock` command is used to obtain an exclusive lock (with a 30-second timeout).

This Pull Request (PR) fixes the following issues

Resolve errors like this, when randomized cron job time is not enough:

Another instance of Certbot is already running.

(#236) Enable python module stream on EL8
merge-conflicts

Pull Request (PR) description

My apologies on missing this. In testing https://github.com/voxpupuli/puppet-letsencrypt/pull/254 I had manually enabled the python36 module stream at some point beforehand, but after running on a fresh install I realized certbot requires this module stream to be enabled per:

```
Error: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering
Error: /Stage[main]/Letsencrypt::Install/Package[letsencrypt]/ensure: change from 'purged' to 'present' failed: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
- package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
- conflicting requests
- package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering
```

This Pull Request (PR) fixes the following issues

Fixes #236

Add support for the Certbot Gandi plugin
enhancement
merge-conflicts
needs-rebase
needs-squash

Pull Request (PR) description

Adding feature support for the certbot-plugin-gandi created by @obynio

The plugin uses the Production API key.

This Pull Request (PR) fixes the following issues

N/A

Feature: Certbot plugin Apache

Pull Request (PR) description

It was strange to me that the module mentions the apache plugin, but has no installation of said plugin anywhere.

In the meantime I used standalone and did an ugly cron pre/post combo, but this should address the issue properly.

  • adds the plugin class 'apache'
  • adds python2 package names for old EL7 distros
  • includes green tests.