Update for letsencryp.sh 0.2.0
This commit is contained in:
parent
dcfdc638b9
commit
4a32ac49f5
|
@ -1,6 +1,15 @@
|
|||
letsencrypt-sh formula
|
||||
======================
|
||||
|
||||
0.2.0 (2016-08-23)
|
||||
|
||||
- Updated for version 0.2.0 of the client. Forces BASEDIR and DOMAINS_TXT
|
||||
to values used by the formula in case the local configuration (or the
|
||||
defaults) differs from the expected value. Also use
|
||||
/etc/letsencrypt.sh/config.sh on non-Debian systems as this
|
||||
is the canonical configuration file and we can't assume that
|
||||
/etc/letsencrypt.sh/conf.d is in use.
|
||||
|
||||
0.1.0 (2016-06-21)
|
||||
|
||||
- Initial version, compatible with version 0.1.0 of the client
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
letsencrypt_sh:
|
||||
pkg: 'letsencrypt.sh'
|
||||
pkg_apache: 'letsencrypt.sh-apache2'
|
||||
config_file: '/etc/letsencrypt.sh/conf.d/defaults.sh'
|
||||
config_file: '/etc/letsencrypt.sh/config.sh'
|
||||
basedir: '/var/lib/letsencrypt.sh'
|
||||
domains_txt: '/var/lib/letsencrypt.sh/domains.txt'
|
||||
cron_command: 'letsencrypt.sh --cron >/var/log/letsencrypt.sh.log 2>&1; res=$?; [ $res -eq 0 ] || cat /var/log/letsencrypt.sh.log; exit $res'
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}
|
||||
{% set cfg_client = salt['pillar.get']('letsencrypt-sh:config', {}) -%}
|
||||
{% do cfg_client.update({
|
||||
'basedir': letsencrypt_sh.basedir,
|
||||
'domains-txt': letsencrypt_sh.domains_txt,
|
||||
})
|
||||
-%}
|
||||
{%- macro get_config(configname, default_value) -%}
|
||||
{%- set varname = configname.replace("-", "_") -%}
|
||||
{%- if configname in cfg_client -%}
|
||||
|
@ -8,7 +14,7 @@
|
|||
{%- endif -%}
|
||||
{%- endmacro -%}
|
||||
# This file is managed by Salt, do not edit by hand!
|
||||
# Based on letsencrypt.sh version 0.1.0 default config
|
||||
# Based on letsencrypt.sh version 0.2.0 default config
|
||||
|
||||
########################################################
|
||||
# This is the main config file for letsencrypt.sh #
|
||||
|
@ -16,26 +22,47 @@
|
|||
# Default values of this config are in comments #
|
||||
########################################################
|
||||
|
||||
# Resolve names to addresses of IP version only. (curl)
|
||||
# supported values: 4, 6
|
||||
# default: <unset>
|
||||
{{ get_config('ip_version', '') }}
|
||||
|
||||
# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
|
||||
{{ get_config('ca', 'https://acme-v01.api.letsencrypt.org/directory') }}
|
||||
|
||||
# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf)
|
||||
{{ get_config('license', 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf') }}
|
||||
# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
|
||||
{{ get_config('license', 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf') }}
|
||||
|
||||
# Which challenge should be used? Currently http-01 and dns-01 are supported
|
||||
{{ get_config('challengetype', 'http-01') }}
|
||||
|
||||
# Path to a directory containing additional config files, allowing to override
|
||||
# the defaults found in the main configuration file. Additional config files
|
||||
# in this directory needs to be named with a '.sh' ending.
|
||||
# default: <unset>
|
||||
{{ get_config('config_d', '') }}
|
||||
|
||||
# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
|
||||
{{ get_config('basedir', '/var/lib/letsencrypt.sh') }}
|
||||
|
||||
# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: $BASEDIR/.acme-challenges)
|
||||
{{ get_config('wellknown', '/var/lib/letsencrypt.sh/acme-challenges') }}
|
||||
# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
|
||||
{{ get_config('domains-txt', '${BASEDIR}/domains.txt') }}
|
||||
|
||||
# Output directory for generated certificates
|
||||
{{ get_config('certdir', '${BASEDIR}/certs') }}
|
||||
|
||||
# Directory for account keys and registration information
|
||||
{{ get_config('accountdir', '${BASEDIR}/accounts') }}
|
||||
|
||||
# Output directory for challenge-tokens to be served by webserver or
|
||||
# deployed in HOOK (default: /var/www/letsencrypt)
|
||||
{{ get_config('wellknown', '/var/www/letsencrypt.sh') }}
|
||||
|
||||
# Location of private account key (default: $BASEDIR/private_key.pem)
|
||||
{{ get_config('private-key', '${BASEDIR}/private_key.pem') }}
|
||||
{{ get_config('account-key', '${BASEDIR}/private_key.pem') }}
|
||||
|
||||
# Location of private account registration information (default: $BASEDIR/private_key.json)
|
||||
{{ get_config('private-key-json', '${BASEDIR}/private_key.json') }}
|
||||
{{ get_config('account-key-json', '${BASEDIR}/private_key.json') }}
|
||||
|
||||
# Default keysize for private keys (default: 4096)
|
||||
{{ get_config('keysize', '4096') }}
|
||||
|
@ -72,3 +99,6 @@
|
|||
|
||||
# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
|
||||
{{ get_config('lockfile', '${BASEDIR}/lock') }}
|
||||
|
||||
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
|
||||
{{ get_config('ocsp-must-staple', 'no') }}
|
||||
|
|
|
@ -9,7 +9,10 @@ Setup variable using grains['os_family'] based logic, only add key:values here
|
|||
that differ from whats in defaults.yaml
|
||||
##}
|
||||
{% set os_family_map = salt['grains.filter_by']({
|
||||
'Debian': {},
|
||||
'Debian': {
|
||||
'domains_txt': '/etc/letsencrypt.sh/domains.txt',
|
||||
'config_file': '/etc/letsencrypt.sh/conf.d/defaults.sh',
|
||||
},
|
||||
'Suse': {},
|
||||
'Arch': {},
|
||||
'RedHat': {},
|
||||
|
|
Loading…
Reference in New Issue