salt.states.acme module

ACME / Let's Encrypt certificate management state

See also the module documentation

reload-gitlab:
  cmd.run:
    - name: gitlab-ctl hup

dev.example.com:
  acme.cert:
    - aliases:
      - gitlab.example.com
    - email: acmemaster@example.com
    - webroot: /opt/gitlab/embedded/service/gitlab-rails/public
    - renew: 14
    - fire_event: acme/dev.example.com
    - onchanges_in:
      - cmd: reload-gitlab
salt.states.acme.cert(name, aliases=None, email=None, webroot=None, test_cert=False, renew=None, keysize=None, server=None, owner='root', group='root', mode='0640', certname=None)

Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.

Parameters:
  • name -- Common Name of the certificate (DNS name of certificate)
  • aliases -- subjectAltNames (Additional DNS names on certificate)
  • email -- e-mail address for interaction with ACME provider
  • webroot -- True or a full path to webroot. Otherwise use standalone mode
  • test_cert -- Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server')
  • renew -- True/'force' to force a renewal, or a window of renewal before expiry in days
  • keysize -- RSA key bits
  • server -- API endpoint to talk to
  • owner -- owner of the private key file
  • group -- group of the private key file
  • mode -- mode of the private key file
  • certname -- Name of the certificate to save

Generated on February 25, 2019 at 06:53:47 MST.

You are viewing docs for the previous stable release, 2017.7.8. Switch to docs for the latest stable release, 2018.3.3, or to a recent doc build from the develop branch.


saltstack.com

© 2019 SaltStack. All Rights Reserved, SaltStack Inc. | Privacy Policy