Letsencrypt certonly does not seem to run in yaml

I am looking for some advice / help with an issue I am facing in yaml. But it is also puppet related.

I am using a control-repo for my Puppet configuration. I am hosting a site on one of my Puppet agent VMs. I can get letsencrypt::certonly to work in Puppet, i.e. in my letsencrypt.pp file. But I would like the certonly configuration to be in the .yaml file for my agent VM. The issue is that when I run puppet agent on my agent VM, the code all runs without any errors, but my SSL certificate is not populated. It should appear in /etc/letsencrypt/live/. I also checked whether it exists by using an online SSL checker to see if it had been generated elsewhere. It had not. So, from what I can tell, this code is not running. Like I said, if I have this in my letsencrypt.pp file, the SSL cert is generated and all works well.

So, I think I don't have the right code for letsencrypt::certonly for YAML. Any help to correct this for YAML would be really appreciated. My node's YAML file looks like the following, apart from a few redactions.

   - roles::www

# UFW Rules
  'Allow HTTP':
    action: allow
    to_ports_app: 80
    proto: tcp
  'Allow HTTPS':
    action: allow
    to_ports_app: 443
    proto: tcp

# nginx rules
    server_name: ['test.domain.com']
    ipv6_enable: true
    ssl: true
    http2: 'on'
    ipv6_listen_options: ''
    ssl_redirect: true
    ssl_cert: '/etc/letsencrypt/live/test.domain.com/cert.pem' 
    ssl_key: '/etc/letsencrypt/live/test.domain.com/privkey.pem' 
    www_root: '/www-data/www.test.domain.com/' 
    ssl_dhparam: '/usr/lib/python3/dist-packages/certbot/ssl-dhparams.pem'

# letsencrypt certonly
      cert_name: 'test.domain.com'
        - 'test.domain.com'
        - '*.test.domain.com'
      plugin: dns-cloudflare
      manage_cron: false
          - profiles::nginx
# letsencrypt
letsencrypt::email: 'email@email.com'
letsencrypt::plugin::dns_cloudflare::email: 'email@email.com'

It is only the letsencrypt::certonly section of this file that does not seem to be correct / working.

I am using the puppet-letsencrypt module from the Puppet Forge, version 10.0.0, like so:

class profiles::letsencrypt {

  package { 'cron':
    ensure => installed,
  }

  class { 'letsencrypt':
    config  => {
      email  => 'email@email.com',
      server => 'https://acme-v02.api.letsencrypt.org/directory',
    },
    require => Package['cron'],
  }

  file { '/etc/letsencrypt/options-ssl-nginx.conf':
    ensure => file,
  }

  file { '/etc/letsencrypt/ssl-dhparams.pem':
    ensure => file,
  }

  include 'letsencrypt'
  include 'letsencrypt::plugin::dns_cloudflare'
}

Hello @sheikhimmu, welcome to the Let's Encrypt community.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

Does your system have no log or do you not know where it is? You're going to need that to investigate what's happening (or not happening).
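
An added example, not part of the thread and not the puppet-letsencrypt module's own code: Hiera's automatic parameter lookup only binds class parameters, so a defined type such as letsencrypt::certonly is created only when some class reads the data and declares it. The class name profiles::letsencrypt_certs and its $certs parameter are hypothetical, and the sketch assumes the node's role includes that class and that the `domains` list belongs under each certificate entry.

```puppet
# Added example: hypothetical profile that turns Hiera data into
# letsencrypt::certonly resources. Not from the thread or the module.
#
# Node YAML consumed by this class (values taken from the post; the key
# name follows the hypothetical class and parameter below):
#
#   profiles::letsencrypt_certs::certs:
#     'test.domain.com':
#       cert_name: 'test.domain.com'
#       domains:
#         - 'test.domain.com'
#         - '*.test.domain.com'
#       plugin: dns-cloudflare
#       manage_cron: false
#
class profiles::letsencrypt_certs (
  # Filled by automatic parameter lookup from the key shown above.
  # An empty hash means no certificates are requested for this node.
  Hash[String[1], Hash] $certs = {},
) {
  # letsencrypt::certonly takes its defaults from the letsencrypt class,
  # so the profile that declares that class must be in the catalog.
  # Assumption: profiles::letsencrypt is declared with include elsewhere.
  include profiles::letsencrypt

  # One letsencrypt::certonly resource per entry in the hash; the splat
  # passes each entry's keys through as that resource's parameters.
  $certs.each |String[1] $cert_title, Hash $params| {
    letsencrypt::certonly { $cert_title:
      * => $params,
    }
  }
}
```

After an agent run, `puppet resource` output is not enough to confirm this; check the compiled catalog or the agent report for a `Letsencrypt::Certonly[test.domain.com]` resource, then the certbot log for the issuance attempt.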
