Skip to content

opus-codium/puppet-dehydrated

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

184 Commits

.github

.github

 
 

data

data

 
 

examples

examples

 
 

functions

functions

 
 

manifests

manifests

 
 

plans

plans

 
 

spec

spec

 
 

tasks

tasks

 
 

templates

templates

 
 

.fixtures.yml

.fixtures.yml

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.pmtignore

.pmtignore

 
 

.puppet-lint.rc

.puppet-lint.rc

 
 

.rspec

.rspec

 
 

.rspec_parallel

.rspec_parallel

 
 

.rubocop.yml

.rubocop.yml

 
 

.sync.yml

.sync.yml

 
 

.yardopts

.yardopts

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Gemfile

Gemfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

REFERENCE.md

REFERENCE.md

 
 

Rakefile

Rakefile

 
 

hiera.yaml

hiera.yaml

 
 

metadata.json

metadata.json

 
 

Repository files navigation

dehydrated

Build Status Puppet Forge Puppet Forge - downloads Puppet Forge - endorsement Puppet Forge - scores License

Table of Contents

Module Description

The dehydrated module lets you use Puppet to manage Let's Encrypt certificates creation and renewal using dehydrated.

Setup

Beginning with dehydrated

Let's encrypt needs a contact address that must be passed to the dehydrated class:

class { 'dehydrated':
  contact_email => 'user@example.com',
}

This is enough to get started and creating certificates.

Usage

Generate a simple certificate

After including the required dehydrated class, each dehydrated::certificate will produce a single certificate file:

class { 'dehydrated':
  contact_email => 'user@example.com',
}

dehydrated::certificate { 'example.com':
}

Generate a certificate with SAN

A dehydrated::certificate can use the domains parameter to indicate Subject Alternative Names (SAN).

class { 'dehydrated':
  contact_email => 'user@example.com',
}

dehydrated::certificate { 'example.com':
  domains => [
    'www.example.com',
    'example.net',
    'www.example.net'
  ],
}

Use DNS-01 hook

Examples of dns-01 hook.sh:

Hook must wait until DNS records are really synced across public DNS servers and only then finish. Otherwise Let's Encrypt won't find the records from their side and dehydrated run will fail.

class { 'dehydrated':
  contact_email => 'user@example.com',
  challengetype => 'dns-01',
  hook          => '/home/dehydrated/hook.sh',
  timeout       => 600,
}

dehydrated::certificate { 'example.com':
}

Renewing certificates with cron

The cron_integration parameter of the dehydrated class configures cron to renew certificates before they expire.

class { 'dehydrated':
  contact_email    => 'user@example.com',
  cron_integration => true,
}

Please note that the web server is not automatically restarted when certificates are renewed.

Serving challenges with Apache

The apache_integration parameter of the dehydrated class configures apache to serve the challenges used for domain validation.

The following example redirect all HTTP requests to HTTPS except those related to letsencrypt's validation:

include ::apache
include ::apache::mod::rewrite

class { 'dehydrated':
  contact_email      => 'user@example.com',
  apache_integration => true,
}

apache::vhost { 'main':
  port           => 80,
  default_vhost  => true,
  docroot        => '/var/empty',
  manage_docroot => false,
  directories    => [
    {
      path     => '/var/empty',
      rewrites => [
        {
          rewrite_rule => '.* https://%{HTTP_HOST}%{REQUEST_URI} [R=301]',
        },
      ],
    },
  ],
}

About

dehydrated puppet module

Topics

letsencrypt puppet letsencrypt-sh dehydrated hacktoberfest

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

4 watching

Forks

5 forks
Report repository

Releases 15

5.0.0 Latest
Oct 5, 2022
+ 14 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages