Defined Type: acme::certificate

Defined in:
manifests/certificate.pp

Summary

Create a certificate

Overview

Parameters:

  • hook_script (String)

    sets the contents of the hook script to run after the certificate is updated

  • aws_access_key_id (String)

    sets the AWS access key ID to use for the Route53 challenge

  • aws_secret_access_key (String)

    sets the AWS secret key to use for the Route53 challenge

  • email (String)

    sets the contact address for the certificate

  • key_type (String) (defaults to: 'ec256')

    sets the public key type

  • hostname (String) (defaults to: $title)

    sets the CN of the certificate



# File 'manifests/certificate.pp', line 9

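# Issues a certificate for `$hostname` with lego using the Route53 DNS
# challenge, and installs the credentials, renew and hook files that the
# issuance step relies on under `$acme::path`.
#
# @param hook_script Contents of the script lego runs via `--run-hook` after
#   the certificate is written. It is installed verbatim and executable, so it
#   must come from trusted manifest code, not from user input.
# @param aws_access_key_id AWS access key ID used for the Route53 challenge.
# @param aws_secret_access_key AWS secret access key used for the Route53
#   challenge. Written to the credentials file; kept out of agent reports and
#   filebucket backups (see the `file` resource below).
# @param email Contact address passed to lego via `--email`.
# @param key_type Key type passed to lego via `--key-type`.
# @param hostname Domain requested; also names the per-host files. Defaults to
#   the resource title.
define acme::certificate (
  String $hook_script,
  String $aws_access_key_id,
  String $aws_secret_access_key,
  String $email,
  String $key_type = 'ec256',
  String $hostname = $title,
) {
  include acme

  $path = $acme::path

  # One file per hostname under the module's state directory.
  $hook_file  = "${path}/hooks/${hostname}"
  $creds_file = "${path}/creds/${hostname}"
  $renew_file = "${path}/renew/${hostname}"

  # The command is an array, so Puppet passes each element to lego as a
  # separate argument without shell interpretation.
  $args = [
    '/usr/bin/lego',
    "--path=${path}",
    '--dns=route53',
    "--domains=${hostname}",
    '--accept-tos',
    "--email=${email}",
    "--key-type=${key_type}",
    'run',
    "--run-hook=${hook_file}",
  ]

  # AWS credentials (presumably rendered by creds.erb from the two aws_*
  # parameters): owner-only permissions, no content diff in the agent report,
  # and no filebucket backup, so the secret does not leave the host.
  file { $creds_file:
    ensure    => file,
    content   => template('acme/creds.erb'),
    mode      => '0600',
    show_diff => false,
    backup    => false,
  }

  -> file { $renew_file:
    ensure  => file,
    content => template('acme/renew.sh.erb'),
    mode    => '0700',
  }

  -> file { $hook_file:
    ensure  => file,
    content => $hook_script,
    mode    => '0755',
  }

  # Runs once: `creates` skips the exec once the certificate exists (renewal
  # is presumably handled by the renew script). The credentials file is
  # handed to lego through the AWS shared-credentials variable rather than on
  # the command line, so the keys do not appear in the process list.
  -> exec { "lego-issue-${hostname}":
    command     => $args,
    creates     => "${path}/certificates/${hostname}.crt",
    environment => ["AWS_SHARED_CREDENTIALS_FILE=${creds_file}"],
  }
}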