propellor-4.7.6: property-based host configuration management in haskell

Propellor.Property.LetsEncrypt

Description

This module gets LetsEncrypt https://letsencrypt.org/ certificates using CertBot https://certbot.eff.org/

Synopsis

# Documentation

data AgreeTOS Source #

Tell the letsencrypt client that you agree with the Let's Encrypt Subscriber Agreement. Providing an email address is recommended, so that letcencrypt can contact you about problems.

Constructors

 AgreeTOS (Maybe Email)

Uses letsencrypt to obtain a certificate for a domain.

This should work with any web server, as long as letsencrypt can write its temp files to the web root. The letsencrypt client does not modify the web server's configuration in any way; this only obtains the certificate it does not make the web server use it.

This also handles renewing the certificate. For renewel to work well, propellor needs to be run periodically (at least a couple times per month).

This property returns MadeChange when the certificate is initially obtained, and when it's renewed. So, it can be combined with a property to make the webserver (or other server) use the certificate:

letsEncrypt (AgreeTOS (Just "me@example.com")) "example.com" "/var/www"
onChange Apache.reload

See httpsVirtualHost for a more complete integration of apache with letsencrypt, that's built on top of this.

Like letsEncrypt, but the certificate can be obtained for multiple domains.

The cerificate files that letsencrypt will make available for a domain.