Commit b42453ce authored by Patrick Kimber's avatar Patrick Kimber

Use 'certbot' package (rather than letsencrypt git repo)

parent 5e995205
......@@ -20,6 +20,7 @@
/etc/cron.d/letsencrypt:
file:
- managed
- template: jinja
- source: salt://web/letsencrypt-cron
- user: root
- group: root
......@@ -38,6 +39,7 @@
/home/web/opt/init-letsencrypt:
file:
- managed
- template: jinja
- source: salt://web/init-letsencrypt
- user: web
- group: web
......
......@@ -19,7 +19,12 @@ if [ "$1" != "" ]; then
webroot_path="/home/web/repo/files/${primary}"
fi
{% if grains['osmajorrelease'] < 20 -%}
/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=${webroot_path} -d ${primary} ${redirect}
{% else -%}
/usr/bin/certbot certonly -a webroot --webroot-path=${webroot_path} -d ${primary} ${redirect}
{% endif -%}
else
print_usage
fi
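Review bot: The new `/usr/bin/certbot certonly` line passes `${webroot_path}` and `${primary}` unquoted, so a value containing whitespace or glob characters is split into extra certbot arguments. `primary` presumably derives from the script's positional arguments; the enclosing `if [ "$1" != "" ]` block starts above the hunk, so confirm where it is assigned. Quote the single-valued expansions: `--webroot-path="${webroot_path}" -d "${primary}"`. `${redirect}` looks as if it is meant to expand to several words, so leave it unquoted or build it as an array. The legacy `letsencrypt-auto` line has the same pattern.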
......@@ -8,5 +8,11 @@ HOME=/root/
# | | | month of the year (1-12),
# | | | | day of the week (0-6 with 0=Sunday).
# | | | | | user commands
{% if grains['osmajorrelease'] < 20 -%}
37 3 * * * root /opt/letsencrypt/letsencrypt-auto renew --no-self-upgrade >> /var/log/letsencrypt-renew.log
{% else -%}
#
# The '/etc/cron.d/certbot' script checks for expired certificates
# twice a day. We reload nginx once a day to pick up any changes
{% endif -%}
42 3 * * * root /bin/systemctl reload nginx
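Review bot: On the `{% else -%}` branch nginx is reloaded unconditionally at 03:42, so the reload is not tied to a renewal: a certificate renewed by the packaged job can sit unserved for up to a day. A certbot deploy hook runs only after a successful renewal, for example an executable script in `/etc/letsencrypt/renewal-hooks/deploy/` that runs `systemctl reload nginx`, or `--deploy-hook "systemctl reload nginx"` on the renew command. The comment would also be more accurate as `# The packaged certbot job checks twice a day for certificates due for renewal.`, since certbot renews ahead of expiry. On systemd hosts the package may do this from a timer rather than from `/etc/cron.d/certbot`, which is worth confirming before naming the file in the comment.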
......@@ -53,6 +53,7 @@ python3-venv:
- user: web
{% endif %} # django or php
{% if grains['osmajorrelease'] < 20 %}
{# for letsencrypt #}
bc:
pkg.installed
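Review bot: `grains['osmajorrelease'] < 20` picks the right branch only if every targeted minion is Ubuntu and the grain is an integer. A Debian host (major release below 20) would be routed to the legacy `letsencrypt-auto` git install, and on Salt versions where the grain is a string the comparison may fail or compare lexically. If the fleet is not Ubuntu-only, also test `grains['os']`, and coerce with `grains['osmajorrelease'] | int`. The same test is repeated in the init-letsencrypt and cron template hunks; computing it once (for example `{% set use_certbot_pkg = ... %}`, name constructed here, or a pillar value) would keep the three files in step. This state block continues outside the hunk.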
......@@ -65,7 +66,10 @@ letsencrypt-git:
- require:
- pkg: git
- pkg: bc
{% else %} # osmajorrelease
certbot:
pkg.installed
{% endif %} # osmajorrelease
{% if django %}
......