{"id":19715657,"url":"https://github.com/pgassmann/puppet-letsencrypt","last_synced_at":"2025-06-10T23:39:30.292Z","repository":{"id":57670289,"uuid":"46750608","full_name":"pgassmann/puppet-letsencrypt","owner":"pgassmann","description":"Let's Encrypt Puppet Module","archived":false,"fork":false,"pushed_at":"2015-12-05T00:03:03.000Z","size":20,"stargazers_count":7,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-17T16:09:33.389Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pgassmann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-23T21:59:19.000Z","updated_at":"2018-05-15T12:04:01.000Z","dependencies_parsed_at":"2022-09-26T20:40:58.165Z","dependency_job_id":null,"html_url":"https://github.com/pgassmann/puppet-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pgassmann%2Fpuppet-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pgassmann%2Fpuppet-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pgassmann%2Fpuppet-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pgassmann%2Fpuppet-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pgassmann","download_url":"https://codeload.github.com/pgassmann/puppet-letsencrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/repositories/pgassmann%2Fpuppet-letsencrypt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259172111,"owners_count":22816514,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T22:39:02.524Z","updated_at":"2025-06-10T23:39:30.265Z","avatar_url":"https://github.com/pgassmann.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# letsencrypt\n\n#### Table of Contents\n\n1. [Overview](#overview)\n2. [Module Description - What the module does and why it is useful](#module-description)\n3. [Setup - The basics of getting started with letsencrypt](#setup)\n    * [What letsencrypt affects](#what-letsencrypt-affects)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with letsencrypt](#beginning-with-letsencrypt)\n4. [Usage - Configuration options and additional functionality](#usage)\n5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n5. [Limitations - OS compatibility, etc.](#limitations)\n6. [Development - Guide for contributing to the module](#development)\n\n## Overview\n\nThe goal of [Let's Encrypt](https://letsencrypt.org) is to automate ssl certificates.\nThe tool to automate server configuration is Puppet.\nThis module bridges the two efforts.\n\nWARNING! This module is not ready yet!\n\n## Module Description\n\nThe goal of this module is to enable ssl on puppet managed resources like nginx_vhosts as\nsimple as possible. 
The module reuses the domains configured in the vhost server_name.\n\nFor the authorization, the webroot challenge is used and a custom location is\nautomatically added to the nginx vhost so that the challenge path uses\nthe letsencrypt webroot.\nThis allows the challenge to be solved even if the vhost is just a proxy to another server.\n\n## Setup\n\n### What letsencrypt affects\n\nWARNING! This module is not ready yet!\n\nTODO\n\n* A list of files, packages, services, or operations that the module will alter,\n  impact, or execute on the system it's installed on.\n* This is a great place to stick any warnings.\n* Can be in list or paragraph form.\n\n### Setup Requirements **OPTIONAL**\n\nRequests to Port 80 (and 433) of the IPv4 address of the domains to encrypt need to reach your server.\n\n### Beginning with letsencrypt\n\nSee the following example for encrypting an nginx vhost.\nThis will successfully configure nginx, the vhost and the ssl certificate in one run, if added to a blank server.\n\nImportant: You should declare letsencrypt resources after the nginx resources.\nThe fetching of the configured domains is parse order dependent.\n\n\n#### Let's encrypt nginx vhost\n\n    class{'nginx':\n      nginx_vhosts =\u003e {\n        'letsencrypt-test1.example.com' =\u003e {\n              server_name      =\u003e [\n                'letsencrypt-test1.example.com',\n                'letsencrypt-test2.example.com',\n              ],\n              proxy            =\u003e 'http://10.1.2.3',\n              ssl              =\u003e true,\n              rewrite_to_https =\u003e true,\n              ssl_key          =\u003e '/etc/letsencrypt/live/letsencrypt-test1.example.com/privkey.pem',\n              ssl_cert         =\u003e '/etc/letsencrypt/live/letsencrypt-test1.example.com/fullchain.pem',\n\n        },\n      },\n    }\n    class { 'letsencrypt':\n      email            =\u003e 'email@example.com',\n      agree_tos        =\u003e true,\n      firstrun_webroot 
=\u003e '/usr/share/nginx/html',\n      nginx_vhosts     =\u003e {\n        'letsencrypt-test1.example.com' =\u003e {}\n      }\n    }\n\nTo add ssl configuration to an existing installation, you first need to configure the nginx_locations\nfor your default vhost and your existing vhost.\n\n    class { 'letsencrypt':\n      email            =\u003e 'email@example.com',\n      agree_tos        =\u003e true,\n      nginx_locations  =\u003e {\n        'default' =\u003e {},\n        'letsencrypt-test1.example.com' =\u003e {}\n      }\n    }\n\nIf this is applied successfully, you can then add the ssl configuration to your nginx vhost as above and declare your letsencrypt::nginx::vhost.\n\n#### Hiera example\n\n    classes:\n      - nginx\n      - letsencrypt\n\n    nginx::nginx_vhosts:\n      'letsencrypt-test1.example.com':\n          server_name:\n                                - 'letsencrypt-test1.example.com'\n                                - 'letsencrypt-test2.example.com'\n          proxy:                'http://10.1.2.3'\n          ssl:                  true\n          rewrite_to_https:     true\n          ssl_key:              '/etc/letsencrypt/live/letsencrypt-test1.example.com/privkey.pem'\n          ssl_cert:             '/etc/letsencrypt/live/letsencrypt-test1.example.com/fullchain.pem'\n\n    letsencrypt::email: 'email@example.com'\n    letsencrypt::agree_tos: true\n    letsencrypt::firstrun_webroot: '/usr/share/nginx/html'\n    letsencrypt::nginx_vhosts:\n      'letsencrypt-test1.example.com': {}\n\n\n## Usage\n\nTODO\n\nPut the classes, types, and resources for customizing, configuring, and doing\nthe fancy stuff with your module here.\n\n## Reference\n\nTODO\n\nHere, list the classes, types, providers, facts, etc contained in your module.\nThis section should include all of the under-the-hood workings of your module so\npeople know what the module is touching on their system but don't need to mess\nwith things. 
(We are working on automating this section!)\n\n### Class: letsencrypt\n\nLet's Encrypt base configuration and hiera interface.\n\n#### Parameters\n\n[*email*]\n  Required, email-address for registration and key recovery.\n\n[*agree_tos*]\n  Required true. Please read the Terms of Service at\n  https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.\n  You must agree in order to register with the ACME\n  server at https://acme-v01.api.letsencrypt.org/directory\n\n[*server*]\n  ACME Server, defaults to staging instance. For production use,\n  set it to 'https://acme-v01.api.letsencrypt.org/directory'\n\n[*webroot*]\n  This directory is configured as webroot for the webroot authentication\n  locations added to the vhost to allow renewals.\n\n[*firstrun_webroot*]\n  Use different webroot on first run.\n  Set this to the default webroot of the webserver if the service\n  starts automatically when installed.\n  E.g. Nginx on Ubuntu: /usr/share/nginx/html\n\n[*firstrun_standalone*]\n  Use standalone mode on first run.\n  Set this to true if the webserver does not start automatically when installed.\n  letsencrypt will use standalone mode to get the certificate\n  before the webserver is started the first time.\n\n[*rsa_key_size*], [*work_dir*], [*logs_dir*]\n  Configuration options for letsencrypt cli.ini\n\n[*nginx_locations*], [*nginx_vhosts*], [*exec_standalone*], [*exec_webroot*]\n  These parameters can be used to create instances of these defined types through hiera.\n\n## Limitations\n\nCurrently I only did basic testing on Ubuntu with the above hiera configuration.\n\n## Development\n\nRun `bundle exec rake` to execute the spec tests. There are already some basic tests for each class and define, but not all options are covered.\n\n## Release Notes\n\nIf you aren't using changelog, put your release notes here (though you should\nconsider using changelog). You may also add any additional sections you feel are\nnecessary or important to include here. 
Please use the `## ` header.\n\n## Contributors\n\n* Philipp Gassmann \u003cphiphi@phiphi.ch\u003e\n\n## TODO \u0026 Ideas\n\n* More Documentation\n* More Testing\n* Other install method\n* Native ruby provider to get certificate? (https://github.com/unixcharles/acme-client)\n* Use this simpler, small python client? (https://github.com/diafygi/acme-tiny)\n* Automatically configure SSL certificate and key on the vhost\n* Renewal management\n* Add Domains to existing Certificates\n* Fix Firstrun mode Success\n* Support for Apache\n* Support for RedHat, CentOS etc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpgassmann%2Fpuppet-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpgassmann%2Fpuppet-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpgassmann%2Fpuppet-letsencrypt/lists"}