See also the module documentation
reload-gitlab:
cmd.run:
- name: gitlab-ctl hup
dev.example.com:
acme.cert:
- aliases:
- gitlab.example.com
- email: acmemaster@example.com
- webroot: /opt/gitlab/embedded/service/gitlab-rails/public
- renew: 14
- fire_event: acme/dev.example.com
- onchanges_in:
- cmd: reload-gitlab
salt.states.acme.
cert
(name, aliases=None, email=None, webroot=None, test_cert=False, renew=None, keysize=None, server=None, owner='root', group='root', mode='0640', certname=None)¶Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.
name -- Common Name of the certificate (DNS name of certificate)
aliases -- subjectAltNames (Additional DNS names on certificate)
email -- e-mail address for interaction with ACME provider
webroot -- True or a full path to webroot. Otherwise use standalone mode
test_cert -- Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server')
renew -- True/'force' to force a renewal, or a window of renewal before expiry in days
keysize -- RSA key bits
server -- API endpoint to talk to
owner -- owner of the private key file
group -- group of the private key file
mode -- mode of the private key file
certname -- Name of the certificate to save