Safe Haskell	Safe-Inferred
Language	Haskell2010

Propellor.Property.LetsEncrypt

Description

This module gets LetsEncrypt https://letsencrypt.org/ certificates using CertBot https://certbot.eff.org/

Synopsis

installed :: Property DebianLike
data AgreeTOS = AgreeTOS (Maybe Email)
type Email = String
type WebRoot = FilePath
letsEncrypt :: AgreeTOS -> Domain -> WebRoot -> Property DebianLike
letsEncrypt' :: AgreeTOS -> Domain -> [Domain] -> WebRoot -> Property DebianLike
liveCertDir :: Domain -> FilePath
certFile :: Domain -> FilePath
privKeyFile :: Domain -> FilePath
chainFile :: Domain -> FilePath
fullChainFile :: Domain -> FilePath

Documentation

installed :: Property DebianLike Source #

data AgreeTOS Source #

Tell the letsencrypt client that you agree with the Let's Encrypt Subscriber Agreement. Providing an email address is recommended, so that letcencrypt can contact you about problems.

Constructors

AgreeTOS (Maybe Email)

type Email = String Source #

type WebRoot = FilePath Source #

letsEncrypt :: AgreeTOS -> Domain -> WebRoot -> Property DebianLike Source #

Uses letsencrypt to obtain a certificate for a domain.

This should work with any web server, as long as letsencrypt can write its temp files to the web root. The letsencrypt client does not modify the web server's configuration in any way; this only obtains the certificate it does not make the web server use it.

This also handles renewing the certificate. For renewel to work well, propellor needs to be run periodically (at least a couple times per month).

This property returns MadeChange when the certificate is initially obtained, and when it's renewed. So, it can be combined with a property to make the webserver (or other server) use the certificate:

letsEncrypt (AgreeTOS (Just "me@example.com")) "example.com" "/var/www"
	`onChange` Apache.reload

See httpsVirtualHost for a more complete integration of apache with letsencrypt, that's built on top of this.

letsEncrypt' :: AgreeTOS -> Domain -> [Domain] -> WebRoot -> Property DebianLike Source #

Like letsEncrypt, but the certificate can be obtained for multiple domains.

liveCertDir :: Domain -> FilePath Source #

The cerificate files that letsencrypt will make available for a domain.

certFile :: Domain -> FilePath Source #

privKeyFile :: Domain -> FilePath Source #

chainFile :: Domain -> FilePath Source #

fullChainFile :: Domain -> FilePath Source #