Page MenuHomeDevCentral

Generate Let's encrypt certificates
ClosedPublic

Authored by dereckson on Apr 27 2017, 15:13.

Details

Summary

Automate the certbot certonly code

Test Plan

Test on Eglide

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

dereckson created this revision.Apr 27 2017, 15:13
dereckson updated this revision to Diff 2469.Apr 27 2017, 15:38

Configure Let's encrypt

Software part checked and working fine.

dereckson updated this revision to Diff 2470.Apr 27 2017, 16:20

Tweak configuration, remove RSA 4096 bits (timeouts on Eglide)

This revision was automatically updated to reflect the committed changes.
dereckson reopened this revision.Apr 27 2017, 16:46

Closed by a commit to a non master branch (I committed a production branch to reflect current state used in production pending code review, and pushed before to configure the repository in Phabricator to only autoclose for master branch).

$ salt eglide state.apply roles/core/letsencrypt/certificates

----------
          ID: certificate_www.eglide.org
    Function: cmd.run
        Name: certbot certonly -d www.eglide.org
      Result: True
     Comment: unless execution succeeded
     Started: 16:09:37.579363
    Duration: 42.949 ms
     Changes:   
----------
          ID: certificate_robot.paysannerebelle.com
    Function: cmd.run
        Name: certbot certonly -d robot.paysannerebelle.com
      Result: True
     Comment: Command "certbot certonly -d robot.paysannerebelle.com" run
     Started: 16:09:37.623629
    Duration: 16988.117 ms
     Changes:   
              ----------
              pid:
                  8736
              retcode:
                  0
              stderr:
                  Saving debug log to /var/log/letsencrypt/letsencrypt.log
                  Obtaining a new certificate
                  Performing the following challenges:
                  http-01 challenge for robot.paysannerebelle.com
                  Using the webroot path /var/letsencrypt-auto for all unmatched domains.
                  Waiting for verification...
                  Cleaning up challenges
                  Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
                  Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
              stdout:
                  IMPORTANT NOTES:
                   - Congratulations! Your certificate and chain have been saved at
                     /etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem. Your
                     cert will expire on 2017-07-26. To obtain a new or tweaked version
                     of this certificate in the future, simply run certbot again. To
                     non-interactively renew *all* of your certificates, run "certbot
                     renew"
                   - If you like Certbot, please consider supporting our work by:

                     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
                     Donating to EFF:                    https://eff.
Sandlayth accepted this revision.Apr 28 2017, 04:52
This revision is now accepted and ready to land.Apr 28 2017, 04:52
This revision was automatically updated to reflect the committed changes.