puppet-letsencrypt
puppet-letsencrypt copied to clipboard
Published
20 hours ago •
voxpupuli
voxpupuli
No certificate issued
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 8.6.0
- Ruby: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux-gnu]
- Distribution:
- Distributor ID: Ubuntu
- Description: Ubuntu 22.04.4 LTS
- Release: 22.04
- Codename: jammy
- Module version: 11.0.0
- certbot version: 1.21.0
How to reproduce (e.g Puppet code you use)
letsencrypt::config::email: '[email protected]'
letsencrypt::config::server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
letsencrypt::agree_tos: true
letsencrypt::unsafe_registration: false
letsencrypt::config_dir: '/etc/letsencrypt'
letsencrypt::package_ensure: 'latest'
letsencrypt::plugin::webroot: true
letsencrypt::renew_cron_ensure: 'present'
letsencrypt::renew_cron_minute: 0
letsencrypt::renew_cron_hour: 6
letsencrypt::renew_cron_monthday: '1-31/2'
letsencrypt::renew_deploy_hook_commands:
- '/usr/bin/systemctl reload nginx'
letsencrypt::certonly:
'servername.domain.tld':
ensure: present
plugin: 'standalone'
domains: ['servername.domain.tld']
cert_name: 'servername.domain.tld'
What are you seeing
If I change for instance "unsafe_registration" the cli.ini is updated, so the module is entred. But no new certificate is issued.
What behaviour did you expect instead
I expected a cert to be issued for servername.domain.tld
Output log
# puppet agent -t --debug|grep letsencrypt
Debug: Loading facts from /opt/puppetlabs/puppet/cache/lib/facter/letsencrypt_directory.rb
Debug: Facter: custom fact letsencrypt_directory was resolved from: /opt/puppetlabs/puppet/cache/lib/facter/letsencrypt_directory.rb:6
Debug: Facter: fact "letsencrypt_directory" has resolved to: {}
Debug: /Package[letsencrypt]: Provider apt does not support features targetable; not managing attribute command
Debug: /Package[letsencrypt]: Provider apt does not support features install_only; not managing attribute install_only
Debug: /Stage[main]/Letsencrypt::Config/Ini_setting[/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory]/require: require to File[/etc/letsencrypt]
Debug: /Stage[main]/Letsencrypt::Config/Ini_setting[/etc/letsencrypt/cli.ini email [email protected]]/require: require to File[/etc/letsencrypt]
Debug: /Stage[main]/Letsencrypt::Renew/Letsencrypt::Hook[renew-deploy]/File[/etc/letsencrypt/renewal-hooks-puppet/renew-deploy.sh]/require: require to File[letsencrypt-renewal-hooks-puppet]
Debug: /Stage[main]/Letsencrypt::Config/Ini_setting[/etc/letsencrypt/cli.ini register-unsafely-without-email true]: Adding autorequire relationship with File[/etc/letsencrypt]
Debug: /Stage[main]/Letsencrypt::Renew/File[letsencrypt-renewal-hooks-puppet]: Adding autorequire relationship with File[/etc/letsencrypt]
Debug: /Stage[main]/Letsencrypt::Config/Ini_setting[/etc/letsencrypt/cli.ini register-unsafely-without-email true]: Nothing to manage: no ensure and the resource doesn't exist
