This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Chef cookbook to automatically get/renew free and trusted certificates from Let's Encrypt


higanworks-cookbooks/letsencrypt

 
 


letsencrypt cookbook

Automatically get/renew free and trusted certificates from Let's Encrypt (letsencrypt.org).

Attributes

default

  • node['letsencrypt']['contact'] - Contact information, default empty.
  • node['letsencrypt']['endpoint'] - ACME server endpoint, default 'https://acme-staging.api.letsencrypt.org'. Set to https://acme-v01.api.letsencrypt.org for real certificates.
  • node['letsencrypt']['renew'] - Days before the certificate expires at which the certificate will be renewed, default 30.

Recipes

default

Installs the required acme-client rubygem.

Usage

Use the letsencrypt_certificate provider to request a certificate. The webserver for the domain for which you are requesting a certificate must be running on the local server. Currently only the http validation method is supported. Provide the path to your wwwroot for the specified domain.

letsencrypt_certificate 'test.example.com' do
  crt      '/etc/ssl/test.example.com.crt'
  key      '/etc/ssl/test.example.com.key'
  method   'http'
  wwwroot  '/var/www'
end

If your webserver requires an existing certificate in order to start, a newly installed server has a bootstrap problem: the webserver cannot start without a certificate, but the certificate cannot be requested without a running webserver. To overcome this, generate a self-signed certificate with the letsencrypt_selfsigned provider.

letsencrypt_selfsigned 'test.example.com' do
  crt     '/etc/ssl/test.example.com.crt'
  key     '/etc/ssl/test.example.com.key'
end

A working example can be found in the included acme_client test cookbook.
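
To confirm that the bootstrap certificate was later replaced and to see when a certificate enters the node['letsencrypt']['renew'] window, the following check can be run against the crt file. It is an added example, not part of the cookbook: cert_status and constructed_cert are hypothetical names, the inclusive renewal boundary is an assumption, and the sample certificates are constructed.

```ruby
require 'openssl'

# Report whether a PEM certificate is still self-signed (the bootstrap case)
# and whether it is inside the renewal window. renew_days mirrors the default
# of node['letsencrypt']['renew']; treating the boundary as inclusive is an
# assumption of this example, not taken from the cookbook.
def cert_status(pem, renew_days: 30, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(pem)
  # Self-signed: issuer and subject match and the signature verifies
  # under the certificate's own public key.
  self_signed = cert.issuer.to_der == cert.subject.to_der &&
                cert.verify(cert.public_key)
  days_left = ((cert.not_after - now) / 86_400).floor
  {
    subject: cert.subject.to_s,
    self_signed: self_signed,
    days_left: days_left,
    renew_due: days_left <= renew_days
  }
end

# Build a constructed sample certificate. When issuer_cn differs from cn it is
# signed by a separate throwaway key, standing in for a CA-issued certificate.
def constructed_cert(cn, valid_days, issuer_cn: cn, now: Time.now)
  key = OpenSSL::PKey::RSA.new(2048)
  signer = issuer_cn == cn ? key : OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = key.public_key
  cert.not_before = now - 60
  cert.not_after = now + valid_days * 86_400
  cert.sign(signer, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Usage: ruby cert_status.rb /etc/ssl/test.example.com.crt
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  p cert_status(File.read(ARGV[0]))
end
```

A result with self_signed set to true on a production host means the webserver is still serving the bootstrap certificate rather than one issued through the ACME endpoint.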

Providers

certificate

| Property | Type | Description | Default |
|----------|------|-------------|---------|
| cn | String | The common name for the certificate | Name of the resource block |
| crt | String | File path to place the certificate | nil |
| key | String | File path to place the private key | nil |
| chain | String | File path to place the certificate chain | nil |
| fullchain | String | File path to place the certificate including the chain | nil |
| owner | String | Owner of the created files | root |
| group | String | Group of the created files | root |
| method | String | Validation method | http |
| wwwroot | String | Path to the wwwroot of the domain | /var/www |

selfsigned

| Property | Type | Description | Default |
|----------|------|-------------|---------|
| cn | String | The common name for the certificate | Name of the resource block |
| crt | String | File path to place the certificate | nil |
| key | String | File path to place the private key | nil |
| owner | String | Owner of the created files | root |
| group | String | Group of the created files | root |

Testing

The kitchen setup includes a Boulder server to run the integration tests against, so testing can run locally without interacting with the online APIs.

Contributing

  1. Fork the repository on GitHub
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using GitHub

License and Authors

Authors: Thijs Houtenbos [email protected]
