GitHub puppet-letsencrypt

80

80

17

A Puppet module to install the Letsencrypt client and request certificates.

This also adds support for naming services to restart with systemd instead of long-handing it all.
It also adds support for managing firewalls using firewalld for systems that are not meant to be http/https accessible at all times.

These three are essentially the same support and it is difficult to break it up

Again, I would love help knowing quite how to create the CI acceptances for this.

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

I added support to configure environments for the letsencrypt renew cron job. This way it possible to add for example an email address to send the output from the cronjob.

Fixes #63.
We rename the environment to venv_vars in order to ensure that hiera calls do not break, as soon as a puppet execution flow enters our module. For consistency's sake, we change environment not only in the main class (where it's definitely needed: rodjek/puppet-lint#574), but also in the certonly define.

Pull Request (PR) description

I added automatic installation of the ...-certbot-nginx-... package when 'plugin' => 'nginx' is given to define letsencrypt::certonly. And i provided an example in Readme.

This Pull Request (PR) fixes the following issues

On Centos for example, when a Nginx web server is running, simply asking Certbot to create or renew certificates is not enough. It requires an additional package or plugin,

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Add dns-ovh support based on dns_rfc2136 implementation

Add new optional parameter to set the group ownership of shipped files

Some Operating Systems (a current OpenBSD release) don't have group 'root' - this PR allows setting the group to something else.
Default of group:root has not changed

This Pull Request (PR) fixes the following issues

N/A

<!--
Thank you for contributing to this project!

• This project has a Contributor Code of Conduct: https://voxpupuli.org/coc/
• Please check that here is no existing issue or PR that addresses your problem.
• Our vulnerabilities reporting process is at https://voxpupuli.org/security/

-->

Pull Request (PR) description

Use the first domain for $cert_name instead of the $title.

This doesn't change anything if $domains is undefined, or if the $title is already the same as the first argument of the list passed to $domains.

This Pull Request (PR) fixes the following issues

certbot CLI by default will use the first domain as the cert-name and path to store the certificate files.

This puppet module should do the same.

(I separated this PR from #219 to allow merging separately, as this could potentially breaks things as it did when the --cert-name $title was introduced in 8f8e4f98)