acme
: Install and configure acme.sh to manage SSL certificates
acme::request::handler
: Gather all data and use acme.sh to create accounts and sign certificates.
acme::setup::common
: Set up all necessary directories, users and groups.
acme::setup::puppetmaster
: Set up acme.sh and all necessary directories and packages.
acme::certificate
: Request a certificate.
acme::csr
: Create a Certificate Signing Request (CSR) and send it to PuppetDB.
acme::deploy
: Collects signed certificates for this host from PuppetDB.
acme::deploy::crt
: Install a signed certificate on the target host.
acme::request
: A request to sign a CSR or renew a certificate.
acme::request::crt
: Fetch the certificate from facter and export it via PuppetDB.
acme::request::ocsp
: Retrieve OCSP stapling information.
file_or_empty_string
: Return the contents of a file. Multiple files can be passed, and the first file that exists will be read in.
Install and configure acme.sh to manage SSL certificates
The following parameters are available in the acme class:
accounts
acct_dir
acme_dir
acme_git_url
acme_git_force
acme_host
acme_install_dir
acme_revision
acmecmd
acmelog
base_dir
ca_whitelist
certificates
cfg_dir
crt_dir
csr_dir
date_expression
default_account
default_ca
default_profile
dh_param_size
dnssleep
exec_timeout
group
key_dir
log_dir
manage_packages
ocsp_must_staple
ocsp_request
path
posthook_cmd
profiles
proxy
renew_days
results_dir
shell
stat_expression
user
Data type: Array
An array of e-mail addresses that acme.sh may use during the ACME account registration. Should only be defined on $acme_host.
Data type: Stdlib::Absolutepath
The directory for acme.sh accounts.
Data type: Stdlib::Absolutepath
The working directory for acme.sh.
Data type: String
URL to the acme.sh GIT repository. Defaults to the official GitHub project. Feel free to use a local mirror or fork.
Data type: Boolean
Force repository creation, destroying any files on the path in the process. Useful when the repo URL has changed.
Data type: String
The host you want to run acme.sh on. For now it needs to be a puppetmaster, as it needs direct access to the certificates using functions in Puppet.
Data type: Stdlib::Absolutepath
The installation directory for acme.sh.
Data type: String
The GIT revision of the acme.sh repository. Defaults to master, which should contain a stable version of acme.sh.
Data type: String
The binary path to acme.sh.
Data type: Stdlib::Absolutepath
The log file.
Data type: Stdlib::Absolutepath
The configuration base directory for acme.sh.
Data type: Array
Specifies the CAs that may be used on $acme_host. The module will register any account specified in $accounts with all specified CAs. This ensures that these accounts are ready for use.
Data type: Hash
Array of fully qualified domain names you want to request a certificate for. For SAN certificates you need to pass space-separated strings, for example ['foo.example.com fuzz.example.com', 'blub.example.com']
Data type: Stdlib::Absolutepath
The directory for acme.sh configs.
Data type: Stdlib::Absolutepath
The directory for acme.sh certificates.
Data type: Stdlib::Absolutepath
The directory for acme.sh CSRs.
Data type: String
The command used to calculate renewal dates for existing certificates.
Data type: Optional[String]
The default account that should be used for new certificate requests.
The account must already be defined in $accounts.
May be overridden by specifying $use_account for the certificate.
Default value: undef
Data type: Enum['buypass', 'buypass_test', 'letsencrypt', 'letsencrypt_test', 'sslcom', 'zerossl']
The default ACME CA that should be used for new certificate requests.
May be overridden by specifying $ca for the certificate.
Previous versions of acme.sh used to have Let's Encrypt as their default CA, hence this is the default value for this Puppet module.
Data type: Optional[String]
The default profile that should be used for new certificate requests.
The profile must already be defined in $profiles.
May be overridden by specifying $use_profile for the certificate.
Default value: undef
Data type: Integer
Specifies the DH parameter size, defaults to 2048.
Data type: Integer
The time in seconds acme.sh should wait for all DNS changes to take effect.
Setting this to 0 disables the sleep mechanism and lets acme.sh poll DNS status automatically by using DNS over HTTPS.
Data type: Integer
Specifies the time in seconds that any acme.sh operation can take before it is aborted by Puppet. This should usually be set to a higher value than $dnssleep.
Data type: String
The group for acme.sh.
Data type: Stdlib::Absolutepath
The directory for acme.sh keys.
Data type: Stdlib::Absolutepath
The log directory for acme.sh.
Data type: Boolean
Whether the module should install necessary packages, mainly git.
Set to false to disable package management.
Data type: Boolean
Whether to request certificates with the OCSP Must-Staple extension, defaults to true.
Data type: Stdlib::Absolutepath
The script used by acme.sh to get OCSP data.
Data type: String
The content of the PATH env variable when running Exec resources.
Data type: String
Specifies an optional command to run after a certificate has been changed.
Data type: Optional[Hash]
A hash of profiles that contain information on how acme.sh should sign certificates. A profile defines not only the challenge type, but also all required parameters and credentials used by acme.sh to sign the certificate. Should only be defined on $acme_host.
Default value: undef
Data type: Optional[String]
Proxy server to use to connect to the ACME CA, for example proxy.example.com:3128
Default value: undef
Data type: Integer
Specifies the interval at which certs should be renewed automatically. Defaults to 60.
Data type: Stdlib::Absolutepath
The output directory for acme.sh.
Data type: String
The shell for the acme.sh user account.
Data type: String
The command used to get the modification time of a file.
Data type: String
The user for acme.sh.
Request a certificate.
The following parameters are available in the acme::certificate defined type:
Data type: String
The host you want to run acme.sh on. Usually your Puppet Server.
Defaults to $acme::acme_host.
Default value: $acme::acme_host
Data type: Optional[Enum['buypass', 'buypass_test', 'letsencrypt', 'letsencrypt_test', 'sslcom', 'zerossl']]
The ACME CA that should be used. Used to overwrite the default CA that is configured on $acme_host.
Default value: $acme::default_ca
Data type: Integer
DH parameter size, defaults to $acme::dh_param_size.
Default value: $acme::dh_param_size
Data type: Variant[String, Array[String], Undef]
Fully qualified domain names you want to request a certificate for. For SAN certificates you need to pass space-separated strings, for example 'foo.example.com fuzz.example.com', or an array of names.
If no domain is specified, the resource name will be parsed as a list of domains, and the first domain will be used as certificate name.
Default value: undef
Data type: Boolean
Request the certificate with the OCSP Must-Staple extension, defaults to $acme::ocsp_must_staple.
Default value: $acme::ocsp_must_staple
Data type: String
Specifies an optional command to run after a certificate has been changed.
Default value: $acme::posthook_cmd
Data type: Integer
Specifies the interval at which certs should be renewed automatically. Defaults to 60.
Default value: $acme::renew_days
Data type: String
The ACME account that should be used (or registered).
This account must exist in $accounts on your $acme_host.
Default value: $acme::default_account
Data type: String
Specify the profile that should be used to sign the certificate.
This profile must exist in $profiles on your $acme_host.
Default value: $acme::default_profile
Type: Ruby 3.x API
Return the contents of a file. Multiple files can be passed, and the first file that exists will be read in.
Returns: Any