This module currently looks for the certbot script in the $PATH as certbot, letsencrypt, certbot-auto, or letsencrypt-auto, and eventually falls back to /opt/letsencrypt/letsencrypt-auto.
Note
Installation & configuration of the Let's Encrypt client can for example be done using https://github.com/saltstack-formulas/letsencrypt-formula
Warning
Be sure to set at least accept-tos = True in cli.ini!
Most parameters will fall back to cli.ini defaults if None is given.
This module currently supports the CloudFlare certbot DNS plugin. The DNS plugin credentials file needs to be passed in using the dns_plugin_credentials argument.
Make sure the appropriate certbot plugin for the wanted DNS provider is installed before using this module.
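An added example, not Salt's own code: a wrapper that refuses to call acme.cert when the dns_plugin_credentials file is missing or accessible to group or other users, and requests a certificate only when acme.has or acme.needs_renewal says one is needed. The names ensure_dns_cert and credentials_are_private are hypothetical, and the dns_plugin value "cloudflare" and the 14-day window are assumptions.

```python
import os
import stat


def credentials_are_private(path):
    """True only for a regular file with no group/other permission bits set."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False  # a missing or unreadable file is treated as unusable
    return stat.S_ISREG(mode) and not mode & (stat.S_IRWXG | stat.S_IRWXO)


def ensure_dns_cert(salt, name, credentials, window=14, **kwargs):
    """Obtain or renew `name` via the DNS plugin, returning an acme.cert-style dict.

    salt        -- the __salt__ function dictionary (hypothetical parameter name)
    credentials -- path passed on as dns_plugin_credentials
    window      -- days before expiry at which to renew (assumed value)
    """
    if not credentials_are_private(credentials):
        return {
            "result": False,
            "comment": "{0} is missing or accessible to group/other".format(credentials),
        }
    # acme.has first: needs_renewal is only meaningful for an existing certificate.
    if salt["acme.has"](name) and not salt["acme.needs_renewal"](name, window):
        return {
            "result": True,
            "comment": "Certificate is still good",
            "not_after": salt["acme.expires"](name),
        }
    return salt["acme.cert"](
        name,
        renew=window,
        dns_plugin="cloudflare",  # assumed plugin identifier
        dns_plugin_credentials=credentials,
        **kwargs
    )
```

Inside a custom execution module, pass `__salt__` as the first argument; any extra keyword arguments (for example test_cert=True) are forwarded to acme.cert unchanged.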
salt.modules.acme.cert(name, aliases=None, email=None, webroot=None, test_cert=False, renew=None, keysize=None, server=None, owner='root', group='root', mode='0640', certname=None, preferred_challenges=None, tls_sni_01_port=None, tls_sni_01_address=None, http_01_port=None, http_01_address=None, dns_plugin=None, dns_plugin_credentials=None)
Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.
Parameters: |
|
---|---|
Return type: | |
Returns: | Dictionary with 'result' True/False/None, 'comment' and certificate's expiry date ('not_after') |
CLI example:
salt 'gitlab.example.com' acme.cert dev.example.com "[gitlab.example.com]" test_cert=True renew=14 webroot=/opt/gitlab/embedded/service/gitlab-rails/public
salt.modules.acme.certs()
Return a list of active certificates
CLI example:
salt 'vhost.example.com' acme.certs
salt.modules.acme.expires(name)
The expiry date of a certificate in ISO format
Parameters: | name (str) -- CommonName of certificate |
---|---|
Return type: | str |
Returns: | Expiry date in ISO format. |
CLI example:
salt 'gitlab.example.com' acme.expires dev.example.com
salt.modules.acme.has(name)
Test if a certificate is in the Let's Encrypt Live directory
Parameters: | name (str) -- CommonName of certificate |
---|---|
Return type: | bool |
Code example:
if __salt__['acme.has']('dev.example.com'):
    log.info('That is one nice certificate you have there!')
salt.modules.acme.info(name)
Return information about a certificate
Parameters: | name (str) -- CommonName of certificate |
---|---|
Return type: | dict |
Returns: | Dictionary with information about the certificate. If neither the tls nor the x509 module can be used to determine the certificate information, the information will be retrieved as one big text block under the key text using the openssl CLI. |
CLI example:
salt 'gitlab.example.com' acme.info dev.example.com
salt.modules.acme.needs_renewal(name, window=None)
Check if a certificate needs renewal
Parameters: |
|
---|---|
Return type: | |
Returns: | Whether or not the certificate needs to be renewed. |
Code example:
if __salt__['acme.needs_renewal']('dev.example.com'):
    __salt__['acme.cert']('dev.example.com', **kwargs)
else:
    log.info('Your certificate is still good')
salt.modules.acme.renew_by(name, window=None)
Date in ISO format when a certificate should first be renewed
Parameters: | |
---|---|
Return type: | |
Returns: | Date of certificate renewal in ISO format. |