cookbook 'certbot-cdh', '~> 0.3.0'
Installs/Configures certbot-cdh
cookbook 'certbot-cdh', '~> 0.3.0', :supermarket
knife supermarket install certbot-cdh
knife supermarket download certbot-cdh
certbot-cdh
The certbot-cdh cookbook integrates certbot with config-driven-helper sites to automatically
set up and link the SSL certificates for each site.
By default it creates a single certificate shared between all sites, adding every site's
['server_name'] and ['server_aliases'] to the certificate.
It can optionally split the certificates up per site, based on each site's
['ssl']['use_sni'] and ['ssl']['san_group'] settings.
Usage
Add "recipe[certbot-cdh]" to enable it.
Include the following in attributes:
"default_attributes": {
  "certbot": {
    "cert-owner": {
      "email": "devops@inviqa.com"
    }
  },
  "nginx": {
    "shared_config": {
      "<project-name>": {
        "protocols": ["http", "https"],
        "includes_first": [
          "certbot.conf"
        ]
      }
    }
  }
}
Add the following cookbooks to the Berksfile:
cookbook 'config-driven-helper', '~> 2.5'
cookbook 'certbot-cdh', '~> 0.1.0'
Given you have nginx or apache sites defined, for example as:
"default_attributes": {
  "nginx": {
    "sites": {
      "mysite1": {
        "server_name": "mysite1.dev",
        "docroot": "/var/www/mysite1/public",
        "inherits": "<project name>"
      },
      "mysite2": {
        "server_name": "mysite2.dev",
        "server_aliases": ["static.mysite2.dev"],
        "docroot": "/var/www/mysite1/public",
        "inherits": "<project name>"
      }
    }
  }
}
This will create letsencrypt cert/chain/fullchain/privkey pem files in:
/etc/letsencrypt/live/mysite1.dev/
The certificate will have SAN domains:
mysite1.dev
mysite2.dev
static.mysite2.dev
Certbot uses the first of the certificate's domains as the name of the folder it
stores the files in.
Node attributes for the sites will automatically be set up to point ['ssl']['certfile'],
['ssl']['certchainfile'], and ['ssl']['keyfile'] to the correct pem files for
each site.
Where apache will use:
['ssl']['certfile'] = /etc/letsencrypt/live/mysite1.dev/cert.pem
['ssl']['certchainfile'] = /etc/letsencrypt/live/mysite1.dev/chain.pem
['ssl']['keyfile'] = /etc/letsencrypt/live/mysite1.dev/privkey.pem
And nginx will use:
['ssl']['certfile'] = /etc/letsencrypt/live/mysite1.dev/fullchain.pem
['ssl']['keyfile'] = /etc/letsencrypt/live/mysite1.dev/privkey.pem
config-driven-helper::apache-sites and config-driven-helper::nginx-sites will
use this to set up their vhost's ssl configuration.
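The default behaviour described above (one shared certificate, stored under its first domain, with different pem files for apache and nginx) can be sketched in Ruby as follows. This is an added example, not the cookbook's own recipe code; the names `shared_san_domains`, `ssl_attributes`, `LIVE_DIR` and `MAX_NAMES` are hypothetical, and the sample sites are constructed from the attributes shown earlier.

```ruby
# Added illustration; not the cookbook's own recipe code.
LIVE_DIR = '/etc/letsencrypt/live'.freeze
MAX_NAMES = 100 # Let's Encrypt limit on names per certificate

# Constructed sample: the two sites from the attributes above.
SAMPLE_SITES = {
  'mysite1' => { 'server_name' => 'mysite1.dev' },
  'mysite2' => { 'server_name' => 'mysite2.dev',
                 'server_aliases' => ['static.mysite2.dev'] }
}.freeze

# Every server_name and server_aliases entry, in site order, lower-cased
# and de-duplicated: the SAN list of the default shared certificate.
def shared_san_domains(sites)
  names = sites.values.flat_map do |site|
    [site['server_name'], *Array(site['server_aliases'])]
  end
  names = names.compact.map { |n| n.downcase.strip }.uniq
  raise ArgumentError, 'no domains defined' if names.empty?
  if names.size > MAX_NAMES
    raise ArgumentError, "#{names.size} names exceed #{MAX_NAMES}"
  end
  names
end

# Per-site ['ssl'] values for :apache or :nginx. All sites point at the
# same folder, named after the first domain on the certificate.
def ssl_attributes(sites, server)
  dir = File.join(LIVE_DIR, shared_san_domains(sites).first)
  ssl = case server
        when :apache
          { 'certfile' => "#{dir}/cert.pem",
            'certchainfile' => "#{dir}/chain.pem",
            'keyfile' => "#{dir}/privkey.pem" }
        when :nginx
          { 'certfile' => "#{dir}/fullchain.pem",
            'keyfile' => "#{dir}/privkey.pem" }
        else
          raise ArgumentError, "unknown server: #{server}"
        end
  sites.keys.each_with_object({}) { |name, out| out[name] = ssl.dup }
end

puts shared_san_domains(SAMPLE_SITES).inspect if $PROGRAM_NAME == __FILE__
```

Listing the names this way before a run shows exactly which hostnames will appear together on the one certificate, since every SAN entry is readable by anyone who inspects it.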
See the spec for examples of using ['ssl']['use_sni'] and ['ssl']['san_group']
to split up the certificates per config-driven-helper site.
Contributing
- Fork the repository on GitHub
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using GitHub
Supermarket share
stove is used to create git tags and
publish the cookbook on supermarket.chef.io.
To tag/publish you need to be a contributor to the cookbook on Supermarket and
run:
$ stove login --username --key ~/.chef/.pem
$ rake publish
It will take the version defined in metadata.rb, create a tag, and push the
cookbook to http://supermarket.chef.io/cookbooks/certbot-cdh
License and Authors
- Author:: Andy Thompson
- Author:: Felicity Ratcliffe
Copyright:: 2016 The Inviqa Group Ltd
See LICENSE file
Dependent cookbooks
config-driven-helper >= 2.5.0
certbot ~> 0.1
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
0.2.1 (9th November 2018)
- Fix deleting the provisioned certificates each chef run.
0.2.0 (30th October 2018)
- Support config-driven-helper version 3
0.1.0 (10th August 2016)
- Initial release
Collaborator Number Metric
0.3.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.3.0 failed this metric
FC022: Resource condition within loop may not behave as expected: certbot-cdh/recipes/default.rb:40
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.3.0 passed this metric
Testing File Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number