propellor-2.16.0: property-based host configuration management in haskell

Safe Haskell: None
Language: Haskell98

Propellor.Property.LetsEncrypt

Description

This module uses the letsencrypt reference client.

Documentation

data AgreeTOS

Tell the letsencrypt client that you agree with the Let's Encrypt Subscriber Agreement. Providing an email address is recommended, so that letsencrypt can contact you about problems.

Constructors

AgreeTOS (Maybe Email) 

letsEncrypt :: AgreeTOS -> Domain -> WebRoot -> Property NoInfo

Uses letsencrypt to obtain a certificate for a domain.

This should work with any web server, as long as letsencrypt can write its temp files to the web root. The letsencrypt client does not modify the web server's configuration in any way; this only obtains the certificate, it does not make the web server use it.

This also handles renewing the certificate. For renewal to work well, propellor needs to be run periodically (at least a couple of times per month).

This property returns MadeChange when the certificate is initially obtained, and when it's renewed. So, it can be combined with a property to make the webserver (or other server) use the certificate:

letsEncrypt (AgreeTOS (Just "me@example.com")) "example.com" "/var/www"
	`onChange` Apache.reload

See httpsVirtualHost for a more complete integration of Apache with letsencrypt that's built on top of this.

letsEncrypt' :: AgreeTOS -> Domain -> [Domain] -> WebRoot -> Property NoInfo

Like letsEncrypt, but the certificate can be obtained for multiple domains.

liveCertDir :: Domain -> FilePath

The certificate files that letsencrypt will make available for a domain.
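
An added example (not part of the propellor documentation) that combines letsEncrypt' and liveCertDir to point a non-Apache server at a multi-domain certificate. It assumes propellor's File.hasContent and Service.reloaded properties and the letsencrypt client's usual fullchain.pem and privkey.pem file names, none of which appear on this page; the property name, the domains, the nginx service and the snippet path are hypothetical.

```haskell
import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.LetsEncrypt as LetsEncrypt
import qualified Propellor.Property.Service as Service
import System.FilePath ((</>))

-- Hypothetical property: obtain one certificate covering example.com and
-- www.example.com, then write an nginx TLS snippet that points at it.
exampleComTLS :: Property NoInfo
exampleComTLS = tlsSnippet `requires` cert
  where
    domain = "example.com"

    -- The certificate must exist before nginx is told to load it, hence
    -- `requires` above. letsEncrypt' reports MadeChange both on first issue
    -- and on renewal, so nginx reloads the new key material either way.
    cert = LetsEncrypt.letsEncrypt'
        (LetsEncrypt.AgreeTOS (Just "me@example.com"))
        domain
        ["www.example.com"]
        "/var/www"
        `onChange` Service.reloaded "nginx"

    -- Assumed file names inside the live directory: fullchain.pem (leaf plus
    -- intermediates) and privkey.pem. The snippet path is hypothetical.
    tlsSnippet = File.hasContent "/etc/nginx/snippets/example.com-tls.conf"
        [ "ssl_certificate " ++ (dir </> "fullchain.pem") ++ ";"
        , "ssl_certificate_key " ++ (dir </> "privkey.pem") ++ ";"
        ]
        `onChange` Service.reloaded "nginx"

    dir = LetsEncrypt.liveCertDir domain
```

Referencing the files through liveCertDir rather than copying them keeps the server on the current certificate after each renewal.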