Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

certbot-cdh (1) Versions 0.1.0

Installs/Configures certbot-cdh

Berkshelf/Librarian
Policyfile
Knife
cookbook 'certbot-cdh', '~> 0.1.0'
cookbook 'certbot-cdh', '~> 0.1.0', :supermarket
knife cookbook site install certbot-cdh
knife cookbook site download certbot-cdh
README
Dependencies
Changelog
Quality

certbot-cdh

The certbot-cdh integrates certbot with config-driven-helper sites, to automatically set up and link the SSL certificates to each site.

It by default creates a single certificate shared between each site, adding all ['server_name']s and ['server_aliases'] to the certificate.

It can optionally split up the certificates into separate sites based on site ['ssl']['use_sni'] and ['ssl']['san_group'] settings.

Usage

Add "recipe[certbot-cdh]" to enable it.

Include the following in attributes:

"default_attributes": {
  "certbot": {
    "cert-owner": {
      "email": "devops@inviqa.com"
    }
  },
  "nginx": {
    "shared_config": {
      "<project-name>": {
        "protocols": ["http", "https"],
        "includes_first": [
          "certbot.conf"
        ]
      }
    }
  }
}

Add the following cookbooks to the Berksfile:

cookbook 'config-driven-helper', '~> 2.5'
cookbook 'certbot-cdh', '~> 0.1.0'

Given you have nginx or apache sites defined for example as:

"default_attributes": {
  "nginx": {
    "sites": {
      "mysite1": {
        "server_name": "mysite1.dev",
        "docroot": "/var/www/mysite1/public",
        "inherits": "<project name>"
      },
      "mysite2": {
        "server_name": "mysite2.dev",
        "server_aliases": ['static.mysite2.dev'],
        "docroot": "/var/www/mysite1/public",
        "inherits": "<project name>"
      },
    }
  }
}

This will create letsencrypt cert/chain/fullchain/privkey pem files in:

/etc/letsencrypt/live/mysite1.dev/

The certificate will have SAN domains: mysite1.dev mysite2.dev static.mysite2.dev

Certbot uses the first domain of the certificate's domains as the folder to store them in.

Node attributes for the sites will automatically be set up to point ['ssl']['certfile'], ['ssl']['certchainfile'], and ['ssl]['keyfile'] to the correct pem files for each site.

Where apache will use: ['ssl']['certfile'] = /etc/letsencrypt/live/mysite1.dev/cert.pem ['ssl']['certchainfile'] = /etc/letsencrypt/live/mysite1.dev/chain.pem ['ssl']['keyfile'] = /etc/letsencrypt/live/mysite1.dev/privkey.pem

And nginx will use: ['ssl']['certfile'] = /etc/letsencrypt/live/mysite1.dev/fullchain.pem ['ssl']['keyfile'] = /etc/letsencrypt/live/mysite1.dev/privkey.pem

config-driven-helper::apache-sites and config-driven-helper::nginx-sites will use this to set up their vhost's ssl configuration.

See the spec for examples of using ['ssl']['use_sni'] and ['ssl']['san_group'] to split up the certificates per config-driven-helper site.

Contributing

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

Supermarket share

stove is used to create git tags and publish the cookbook on supermarket.chef.io.

To tag/publish you need to be a contributor to the cookbook on Supermarket and run:

$ stove login --username <your username> --key ~/.chef/<your username>.pem
$ rake publish

It will take the version defined in metadata.rb, create a tag, and push the cookbook to http://supermarket.chef.io/cookbooks/certbot-cdh

License and Authors

  • Author:: Andy Thompson
  • Author:: Felicity Ratcliffe
Copyright:: 2016 The Inviqa Group Ltd

See LICENSE file

Dependent cookbooks

certbot ~> 0.1.0
config-driven-helper ~> 2.5

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.1.0 (unreleased)

  • Initial release

Collaborator Number Metric
            

0.1.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.1.0 failed this metric

FC022: Resource condition within loop may not behave as expected: certbot-cdh/recipes/default.rb:40
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

License Metric
            

0.1.0 failed this metric

certbot-cdh does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.

No Binaries Metric
            

0.1.0 passed this metric

Publish Metric
            

0.1.0 passed this metric

Supported Platforms Metric
            

0.1.0 failed this metric

certbot-cdh should declare what platform(s) it supports.

Testing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.1.0 passed this metric