propellor-5.17: property-based host configuration management in haskell
Safe Haskell: Safe-Inferred
Language: Haskell2010

Propellor.Property.LetsEncrypt

Description

This module gets LetsEncrypt (https://letsencrypt.org/) certificates using CertBot (https://certbot.eff.org/).

Documentation

data AgreeTOS

Tell the letsencrypt client that you agree with the Let's Encrypt Subscriber Agreement. Providing an email address is recommended, so that letsencrypt can contact you about problems.

Constructors

AgreeTOS (Maybe Email) 

letsEncrypt :: AgreeTOS -> Domain -> WebRoot -> Property DebianLike

Uses letsencrypt to obtain a certificate for a domain.

This should work with any web server, as long as letsencrypt can write its temp files to the web root. The letsencrypt client does not modify the web server's configuration in any way; this only obtains the certificate, it does not make the web server use it.

This also handles renewing the certificate. For renewal to work well, propellor needs to be run periodically (at least a couple of times per month).

This property returns MadeChange when the certificate is initially obtained, and when it's renewed. So, it can be combined with a property to make the webserver (or other server) use the certificate:

letsEncrypt (AgreeTOS (Just "me@example.com")) "example.com" "/var/www"
	`onChange` Apache.reload

See httpsVirtualHost for a more complete integration of Apache with letsencrypt, built on top of this.

letsEncrypt' :: AgreeTOS -> Domain -> [Domain] -> WebRoot -> Property DebianLike

Like letsEncrypt, but the certificate can be obtained for multiple domains.

liveCertDir :: Domain -> FilePath

The certificate files that letsencrypt will make available for a domain.