Menu

Chef Supermarket

Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

View our collection of guides, documentation, and articles

Cookbooks
Advanced Options

Select Badges

Select Supported Platforms

Select Status

RSS

certbot-exec (3) Versions 0.1.2

Installs/Configures certbot-exec

Policyfile
Berkshelf
Knife 
cookbook 'certbot-exec', '~> 0.1.2', :supermarket
cookbook 'certbot-exec', '~> 0.1.2'
knife supermarket install certbot-exec
knife supermarket download certbot-exec
README
Dependencies
Changelog
Quality 33%

certbot-exec

This library cookbook aims to provide a unified interface for interacting with the certbot cli utility for generating and renewing Let's Encrypt ssl certificates.

As it is a library cookbook, it does not provide cookbooks to be included in your run-list (in fact, certbot-exec::default will warn you as such if it doesn't already).

If you are looking to get started quickly, skip to the Getting Started however, you might find the [Design](doc/DESIGN.md) documentation enlightening as this is not a cookbook designed to be consumed directly.

Plugins

certbot_exec is designed to work with plugins. Refer to [Extending](doc/DESIGN.md#extending) on information on how to write your own plugin.

Getting Started

Include in certbot-exec in your Metadata

Include in your metadata.rb

metadata.rb

depends 'certbot-exec'

Set required attributes

  • default['certbot-exec']['agree_to_tos'] - you must set this true to denote your acceptance of LetsEncrypt TOS, documented here (PDF link warning).
  • default['certbot-exec']['email'] - Email to use with LetsEncrypt.

Use certbot_exec Resource

certbot_exec can be called multiple times. This will only result in one execution of certbot.

Note: The certbot utility will be executed at the first instance of certbot_exec in the run list (order matters!)

certbot_exec 'bar.com'

certbot_exec 'foo.example.com' do
  extra_args '--help'
  case node[:platform]
  when 'redhat', 'centos'
    packages 'python2-certbot-dns-cloudflare'
  when 'ubuntu', 'debian'
    packages 'python3-certbot-dns-cloudflare'
  end
  post_hook 'systemctl restart theinternet'
end

certbot_exec 'baz.example.com' do
  post_hook 'systemctl restart httpd'
end

This would result in an apt install certbot python3-certbot-dns-cloudflare. for the package resource. (instead of two invocations of apt)

also a certbot cli:

certbot ... -d bar.com,foo.example.com,baz.example.com ... --post-hook 'systemctl restart theinternet' --post-hook 'systemctl restart httpd' ... --help

Resources

This cookbook provides three custom resources that are then wrapped in the certbot_exec resource.

certbot_exec

Properties

  • domains - [String,Array] - list of domains to generate SSL certificate.
  • post_hook - [String,Array] - list of commands for certbot to execute after successfully generating a new certificate.
  • extra_args - [String,Array] - list of additional arguments to pass to certbot.
  • packages - [String,Array] - list of packages to install.
  • force - [True,False] - defaults to false, if set to true will not validate cert and execute certbot.

Actions

  • :run - setup certbot repo, install package, execute certbot.

Usage Example

certbot_exec 'foo.com'
certbot_exec 'foo.com', 'bar.com'

certbot_exec 'execute-certbot' do
  domains 'foo.com'
  post_hook 'service nginx restart'
  extra_args '--help'
  action :install
end

certbot_exec 'execute-certbot-with-multiple-domains' do
  domains %w(foo.com bar.com example.foo.com example2.foo.com)
  post_hook ['service nginx restart', 'service redis restart']
  extra_args ['--someflag true', '--help']
  case node['platform']
  when 'redhat', 'centos'
    packages 'python2-certbot-dns-cloudflare'
  when 'ubuntu', 'debian'
    packages 'python3-certbot-dns-cloudflare'
  end
  action :install
end

certbot_repo

This resource adds the certbot ppa on Ubuntu or includes yum-epel on CentOS/RHEL. It takes no parameters. The default action is :create.

Actions

  • :create - create certbot repo

Usage Example

certbot_repo 'certbot-repo'

certbot_repo 'certbot-repo-with-action' do
  action :create
end

certbot_pkg

This resource installs packages. It takes a list of packages to install. The default and only action is :install. The intent was to provide an interface to install additional packages, but it doesn't quite seem to work as expected...

Properties

  • packages - [String,Array] - list of packages to install.

Actions

  • :install - install packages.

Usage Example

certbot_pkg 'certbot'

certbot_pkg ['certbot', 'openssl']

certbot_pkg 'certbot-packages' do
  packages ['certbot', 'openssl']
  action :install
end

certbot_cmd

This resurce executes the certbot CLI command. By default it attempts to validate the certificates in /etc/letsencrypt/live and executes if a valid cert isn't found.

Actions

  • :exec - Validate cert and execute.
  • :force_exec - Execute regardless if valid cert is found.

Properties

  • domains - [String,Array] - list of domains to generate SSL certificate.
  • post_hook - [String,Array] - list of commands for certbot to execute after successfully generating a new certificate.
  • extra_args - [String,Array] - list of additional arguments to pass to certbot.
  • force - [True,False]- defaults to false, if set to true will not validate cert and executecertbot`.

Usage Example

certbot_cmd 'foo.com'
certbot_cmd 'foo.com', 'bar.com'

certbot_cmd 'execute-certbot' do
  domains 'foo.com'
  post_hook 'service nginx restart'
  extra_args '--help'
  action :force_exec
end

certbot_cmd 'execute-certbot-with-multiple-domains' do
  domains %w(foo.com bar.com example.foo.com example2.foo.com)
  post_hook ['service nginx restart', 'service redis restart']
  extra_args ['--someflag true', '--help']
  action :exec
end

Dependent cookbooks

ohai >= 0.0.0
yum-epel >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

certbot-exec CHANGELOG

This file is used to list changes made in each version of the certbot-exec cookbook.

0.1.2

  • Fix ohai plugin so that it works.

0.1.1

  • Add package_list function to enable "hooking" into to add packages to be installed.

0.1.0

Initial release.

Collaborator Number Metric 
            
0.1.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric 
            
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric 
            
0.1.2 passed this metric

No Binaries Metric 
            
0.1.2 passed this metric

Testing File Metric 
            
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric 
            
0.1.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number

Qubit Renegade Qubit Renegade

Details

View Source View Issues

Updated August 20, 2019 Created on

Supported Platforms

  • centos >= 0.0.0
  • ubuntu >= 0.0.0

License

MIT

Download Cookbook