See also the module documentation
reload-gitlab:
  cmd.run:
    - name: gitlab-ctl hup

dev.example.com:
  acme.cert:
    - aliases:
      - gitlab.example.com
    - email: email@example.com
    - webroot: /opt/gitlab/embedded/service/gitlab-rails/public
    - renew: 14
    - fire_event: acme/dev.example.com
    - onchanges_in:
      - cmd: reload-gitlab

cert(name, aliases=None, email=None, webroot=None, test_cert=False, renew=None, keysize=None, server=None, owner='root', group='root', mode='0640', certname=None, preferred_challenges=None, tls_sni_01_port=None, tls_sni_01_address=None, http_01_port=None, http_01_address=None, dns_plugin=None, dns_plugin_credentials=None)
Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.
name -- Common Name of the certificate (DNS name of certificate)
aliases -- subjectAltNames (Additional DNS names on certificate)
email -- e-mail address for interaction with ACME provider
webroot -- True or a full path to webroot. Otherwise use standalone mode
test_cert -- Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server')
renew -- True/'force' to force a renewal, or a window of renewal before expiry in days
keysize -- RSA key bits
server -- API endpoint to talk to
owner -- owner of the private key file
group -- group of the private key file
mode -- mode of the private key file
certname -- Name of the certificate to save
preferred_challenges -- A sorted, comma-delimited list of the preferred challenges to use during authorization, with the most preferred challenge listed first.
tls_sni_01_port -- Port used during tls-sni-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 443.
tls_sni_01_address -- The address the server listens to during tls-sni-01 challenge.
http_01_port -- Port used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80.
http_01_address -- The address the server listens to during http-01 challenge.
dns_plugin -- Name of a DNS plugin to use (currently only 'cloudflare')
dns_plugin_credentials -- Path to the credentials file if required by the specified DNS plugin
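The following state is an added example, not taken from the Salt documentation. It combines the dns_plugin, dns_plugin_credentials, owner, group and mode parameters listed above so that the DNS API token and the private key are both locked down. The credentials path and the pillar key are assumptions.

```yaml
# Certbot's Cloudflare plugin reads its API token from this file,
# so it is restricted to root and kept out of state output.
cloudflare-credentials:
  file.managed:
    - name: /etc/letsencrypt/cloudflare.ini       # assumed path
    - contents_pillar: acme:cloudflare_ini        # assumed pillar key
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: True
    - show_changes: False     # do not print a diff containing the token

reload-gitlab:
  cmd.run:
    - name: gitlab-ctl hup

dev.example.com:
  acme.cert:
    - aliases:
      - gitlab.example.com
    - email: email@example.com
    - dns_plugin: cloudflare
    - dns_plugin_credentials: /etc/letsencrypt/cloudflare.ini
    - test_cert: True         # staging CA while testing the state; drop for production
    - keysize: 4096
    - renew: 14
    - owner: root
    - group: root
    - mode: '0600'            # tighter than the default 0640 on the private key
    - require:
      - file: cloudflare-credentials
    - onchanges_in:
      - cmd: reload-gitlab
```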