Update for letsencryp.sh 0.2.0

CHANGELOG.rst

@@ -1,6 +1,15 @@
 letsencrypt-sh formula
 ======================
 
+0.2.0 (2016-08-23)
+
+- Updated for version 0.2.0 of the client. Forces BASEDIR and DOMAINS_TXT
+  to values used by the formula in case the local configuration (or the
+  defaults) differs from the expected value. Also use
+  /etc/letsencrypt.sh/config.sh on non-Debian systems as this
+  is the canonical configuration file and we can't assume that
+  /etc/letsencrypt.sh/conf.d is in use.
+
 0.1.0 (2016-06-21)
 
 - Initial version, compatible with version 0.1.0 of the client

letsencrypt-sh/defaults.yaml

@@ -3,7 +3,7 @@
 letsencrypt_sh:
   pkg: 'letsencrypt.sh'
   pkg_apache: 'letsencrypt.sh-apache2'
-  config_file: '/etc/letsencrypt.sh/conf.d/defaults.sh'
+  config_file: '/etc/letsencrypt.sh/config.sh'
   basedir: '/var/lib/letsencrypt.sh'
   domains_txt: '/var/lib/letsencrypt.sh/domains.txt'
   cron_command: 'letsencrypt.sh --cron >/var/log/letsencrypt.sh.log 2>&1; res=$?; [ $res -eq 0 ] || cat /var/log/letsencrypt.sh.log; exit $res'

letsencrypt-sh/files/config.sh

@@ -1,4 +1,10 @@
+{% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}
 {% set cfg_client = salt['pillar.get']('letsencrypt-sh:config', {}) -%}
+{% do cfg_client.update({
+	   'basedir': letsencrypt_sh.basedir,
+	   'domains-txt': letsencrypt_sh.domains_txt,
+   })
+-%}
 {%- macro get_config(configname, default_value) -%}
 {%- set varname = configname.replace("-", "_") -%}
 {%- if configname in cfg_client -%}
@@ -8,7 +14,7 @@
 {%- endif -%}
 {%- endmacro -%}
 # This file is managed by Salt, do not edit by hand!
-# Based on letsencrypt.sh version 0.1.0 default config
+# Based on letsencrypt.sh version 0.2.0 default config
 
 ########################################################
 # This is the main config file for letsencrypt.sh      #
@@ -16,26 +22,47 @@
 # Default values of this config are in comments        #
 ########################################################
 
+# Resolve names to addresses of IP version only. (curl)
+# supported values: 4, 6
+# default: <unset>
+{{ get_config('ip_version', '') }}
+
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 {{ get_config('ca', 'https://acme-v01.api.letsencrypt.org/directory') }}
 
-# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf)
-{{ get_config('license', 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf') }}
+# Path to license agreement (default: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf)
+{{ get_config('license', 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf') }}
 
 # Which challenge should be used? Currently http-01 and dns-01 are supported
 {{ get_config('challengetype', 'http-01') }}
 
+# Path to a directory containing additional config files, allowing to override
+# the defaults found in the main configuration file. Additional config files
+# in this directory needs to be named with a '.sh' ending.
+# default: <unset>
+{{ get_config('config_d', '') }}
+
 # Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
 {{ get_config('basedir', '/var/lib/letsencrypt.sh') }}
 
-# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: $BASEDIR/.acme-challenges)
-{{ get_config('wellknown', '/var/lib/letsencrypt.sh/acme-challenges') }}
+# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
+{{ get_config('domains-txt', '${BASEDIR}/domains.txt') }}
+
+# Output directory for generated certificates
+{{ get_config('certdir', '${BASEDIR}/certs') }}
+
+# Directory for account keys and registration information
+{{ get_config('accountdir', '${BASEDIR}/accounts') }}
+
+# Output directory for challenge-tokens to be served by webserver or
+# deployed in HOOK (default: /var/www/letsencrypt)
+{{ get_config('wellknown', '/var/www/letsencrypt.sh') }}
 
 # Location of private account key (default: $BASEDIR/private_key.pem)
-{{ get_config('private-key', '${BASEDIR}/private_key.pem') }}
+{{ get_config('account-key', '${BASEDIR}/private_key.pem') }}
 
 # Location of private account registration information (default: $BASEDIR/private_key.json)
-{{ get_config('private-key-json', '${BASEDIR}/private_key.json') }}
+{{ get_config('account-key-json', '${BASEDIR}/private_key.json') }}
 
 # Default keysize for private keys (default: 4096)
 {{ get_config('keysize', '4096') }}
@@ -72,3 +99,6 @@
 
 # Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
 {{ get_config('lockfile', '${BASEDIR}/lock') }}
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
+{{ get_config('ocsp-must-staple', 'no') }}

letsencrypt-sh/map.jinja

@@ -9,7 +9,10 @@ Setup variable using grains['os_family'] based logic, only add key:values here
 that differ from whats in defaults.yaml
 ##}
 {% set os_family_map = salt['grains.filter_by']({
-        'Debian': {},
+        'Debian': {
+		'domains_txt': '/etc/letsencrypt.sh/domains.txt',
+		'config_file': '/etc/letsencrypt.sh/conf.d/defaults.sh',
+	},
         'Suse': {},
         'Arch': {},
         'RedHat': {},