I am looking for some advice / help with an issue I am facing in YAML. But it is also Puppet related.
I am using a control-repo for my Puppet configuration. I am hosting a site on one of my Puppet agent VMs. I can get letsencrypt::certonly to work in Puppet, i.e. in my letsencrypt.pp file. But I would like the certonly configuration to be in my .yaml file for my agent VM. The issue is that when I run puppet agent on my agent VM, the code all runs without any errors, but my SSL certificate is not populated. This should appear in /etc/letsencrypt/live/. I also checked whether it existed by using an SSL checker online to see if it had been generated elsewhere; it had not. So, from what I can tell, this code is not running. Like I said, if I have this in my letsencrypt.pp file the SSL cert is generated and all works well.
So, I think I don't have the right code for letsencrypt::certonly for YAML. Any help to correct this for YAML would be really appreciated. My node's YAML file looks like the following, apart from a few redactions.
---
classes:
  - roles::www
# UFW Rules
ufw::rules:
  'Allow HTTP':
    action: allow
    to_ports_app: 80
    proto: tcp
  'Allow HTTPS':
    action: allow
    to_ports_app: 443
    proto: tcp
# nginx rules
nginx::nginx_servers:
  'www.test.domain.com':
    server_name: ['test.domain.com']
    ipv6_enable: true
    ssl: true
    http2: 'on'
    ipv6_listen_options: ''
    ssl_redirect: true
    ssl_cert: '/etc/letsencrypt/live/test.domain.com/cert.pem'
    ssl_key: '/etc/letsencrypt/live/test.domain.com/privkey.pem'
    www_root: '/www-data/www.test.domain.com/'
    server_cfg_ssl_append:
      ssl_dhparam: '/usr/lib/python3/dist-packages/certbot/ssl-dhparams.pem'
# letsencrypt certonly
letsencrypt::certonly:
  'test.domain.com':
    cert_name: 'test.domain.com'
    domains:
      - 'test.domain.com'
      - '*.test.domain.com'
    plugin: dns-cloudflare
    manage_cron: false
    require:
      classes:
        - profiles::nginx
# letsencrypt
letsencrypt::email: 'email@email.com'
letsencrypt::plugin::dns_cloudflare::email: 'email@email.com'
It is only the letsencrypt::certonly section of this file that does not seem to be correct / working.
I am using the puppet-letsencrypt module from the Puppet Forge, version 10.0.0, like so:
class profiles::letsencrypt {
  package { 'cron':
    ensure => installed,
  }
  class { 'letsencrypt':
    config  => {
      email  => 'email@email.com',
      server => 'https://acme-v02.api.letsencrypt.org/directory',
    },
    require => Package['cron'],
  }
  file { '/etc/letsencrypt/options-ssl-nginx.conf':
    ensure => file,
  }
  file { '/etc/letsencrypt/ssl-dhparams.pem':
    ensure => file,
  }
  include 'letsencrypt'
  include 'letsencrypt::plugin::dns_cloudflare'
}
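An added example, not code from the question or from the puppet-letsencrypt module: Hiera's automatic parameter binding only feeds class parameters, while letsencrypt::certonly is a defined type, so a hash placed under a key like the one in the YAML above is only turned into certificate resources when some manifest looks it up and declares them. The profile below does that. The class name profiles::letsencrypt_certs, the Hiera key 'letsencrypt::certonly' and the explicit ordering on Class['profiles::nginx'] are assumptions for illustration; the parameter names passed through the splat are whatever the YAML carries.

```puppet
# Added example (not from the question or the module). Declares one
# letsencrypt::certonly resource per entry of the Hiera hash found under
# the assumed key 'letsencrypt::certonly'.
class profiles::letsencrypt_certs {
  include letsencrypt
  include letsencrypt::plugin::dns_cloudflare

  # Defined types are never auto-bound from Hiera; read the hash explicitly.
  # Merge strategy 'hash' lets node-level data add or override entries from
  # a common layer; default is an empty hash so a node without certs compiles.
  $certs = lookup('letsencrypt::certonly', Hash, 'hash', {})

  $certs.each |String $title, Hash $params| {
    # Strip any 'require' the data carries (a nested 'classes:' hash is not a
    # resource reference) and express ordering in code, where it is typed.
    $attrs = $params - ['require']

    letsencrypt::certonly { $title:
      *       => $attrs,
      require => [
        Class['letsencrypt::plugin::dns_cloudflare'],
        Class['profiles::nginx'],   # assumed: the nginx profile in the YAML
      ],
    }
  }
}
```

With this profile in the node's class list, each key of the hash becomes a letsencrypt::certonly title and its sub-keys (cert_name, domains, plugin, manage_cron) are passed as parameters; a key the defined type does not accept fails at catalog compile time rather than silently producing no certificate, which is the failure mode the question describes. Keeping the DNS plugin's Cloudflare credentials out of the node YAML (for example in eyaml or a separate secrets backend) is worth doing, since wildcard certificates give that API token control over the whole zone's validation records.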