HomeDevCentral
Diffusion Nasqueron Operations c9cb237e5e18

Automate acme.sh install-cert cmd
c9cb237e5e18
Actions

Description

Automate acme.sh install-cert cmd

Summary:
This command have several opportunities to botch a certificate deployment,
e.g. if we miss fullchain, the daemon will still serve former certificate.

Automating it allows to apply correct pillar configuration, and maintain it.

Currently, this cmd.run isn't strictly equipollent, it will run this command
everytime, but the result on the server will be equipollent: same config,
same files content.

Fixes T2210.

Test Plan:

  • Deploy to hervil
  • Check the mail.nasqueron.org config have fullchain defined
  • Check if the certificates files are correctly regenerated

Reviewers: dereckson

Reviewed By: dereckson

Maniphest Tasks: T2210

Differential Revision: https://devcentral.nasqueron.org/D3906

Details

Provenance
DorianWintyAuthored on Thu, Feb 5, 21:37
derecksonCommitted on Thu, Feb 5, 22:53
derecksonPushed on Thu, Feb 5, 22:53
Reviewer
dereckson
Differential Revision
D3906: Automate acme.sh install-cert cmd
Parents
rOPS380b5c8bf836: Divide acmesh stanza into sections
Branches
Unknown
Tags
Unknown
References
HEAD -> main
Tasks
T2210: fullchain.pem isn't automatically generated by acme.sh

Changes (2)

PathSize
pillar/
core/
certificates/
roles/
core/
certificates/

rOPSc9cb237e5e18

View Options

pillar/core/certificates/hervil.sls

Loading...
View Options

roles/core/certificates/acmesh.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator