This module currently looks for the certbot script in the $PATH as:
- certbot
- letsencrypt
- certbot-auto
- letsencrypt-auto

It eventually falls back to /opt/letsencrypt/letsencrypt-auto.
Note
Installation and configuration of the Let’s Encrypt client can, for example, be done using https://github.com/saltstack-formulas/letsencrypt-formula
Warning
Be sure to set at least accept-tos = True in cli.ini!
Most parameters will fall back to cli.ini defaults if None is given.
salt.modules.acme.cert(name, aliases=None, email=None, webroot=None, test_cert=False, renew=None, keysize=None, server=None, owner='root', group='root', mode='0640', certname=None)
Obtain/renew a certificate from an ACME CA, probably Let’s Encrypt.
| Parameters: |
|
|---|---|
| Returns: | dict with ‘result’ True/False/None, ‘comment’ and certificate’s expiry date (‘not_after’) |
CLI example:
salt 'gitlab.example.com' acme.cert dev.example.com "[gitlab.example.com]" test_cert=True renew=14 webroot=/opt/gitlab/embedded/service/gitlab-rails/public
salt.modules.acme.certs()
Return a list of active certificates
CLI example:
salt 'vhost.example.com' acme.certs
salt.modules.acme.expires(name)
The expiry date of a certificate in ISO format
| Parameters: | name – CommonName of cert |
|---|
CLI example:
salt 'gitlab.example.com' acme.expires dev.example.com
salt.modules.acme.has(name)
Test if a certificate is in the Let’s Encrypt Live directory
| Parameters: | name – CommonName of cert |
|---|
Code example:
if __salt__['acme.has']('dev.example.com'):
    log.info('That is one nice certificate you have there!')
salt.modules.acme.info(name)
Return information about a certificate
Note
Will output tls.cert_info if that’s available, or OpenSSL text if not
| Parameters: | name – CommonName of cert |
|---|
CLI example:
salt 'gitlab.example.com' acme.info dev.example.com
salt.modules.acme.needs_renewal(name, window=None)
Check if a certificate needs renewal
| Parameters: |
|
|---|
Code example:
if __salt__['acme.needs_renewal']('dev.example.com'):
    __salt__['acme.cert']('dev.example.com', **kwargs)
else:
    log.info('Your certificate is still good')
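The acme.has, acme.needs_renewal and acme.cert calls documented on this page, combined into one renewal pass that also checks the 'result' field of the returned dict (an added example, not part of the Salt documentation or source). `ensure_certs`, `salt_funcs` and `fake_salt` are hypothetical names: `salt_funcs` stands in for `__salt__`, the stub and its data are constructed so the block runs offline, and `window` is assumed to be in days, as `renew=14` in the CLI example suggests.

```python
import logging

log = logging.getLogger(__name__)


def ensure_certs(salt_funcs, names, window=14, **cert_kwargs):
    """Obtain missing certificates and renew those inside the window.

    salt_funcs stands in for __salt__; window is assumed to be in days.
    Returns {name: 'ok' | 'obtained' | 'renewed' | 'failed: <comment>'}.
    """
    outcomes = {}
    for name in names:
        if not salt_funcs['acme.has'](name):
            action = 'obtained'
        elif salt_funcs['acme.needs_renewal'](name, window):
            action = 'renewed'
        else:
            outcomes[name] = 'ok'
            continue
        ret = salt_funcs['acme.cert'](name, renew=window, **cert_kwargs)
        # acme.cert returns a dict with 'result' (True/False/None) and 'comment'.
        if ret.get('result') is False:
            log.error('acme.cert failed for %s: %s', name, ret.get('comment'))
            outcomes[name] = 'failed: {0}'.format(ret.get('comment'))
        else:
            outcomes[name] = action
    return outcomes


def fake_salt(days_left):
    """Constructed stub of __salt__; days_left maps cert name -> days to expiry."""
    def cert(name, renew=None, **kwargs):
        if name.startswith('bad.'):
            return {'result': False, 'comment': 'challenge failed'}
        days_left[name] = 90  # constructed lifetime of a fresh certificate
        return {'result': True, 'comment': 'certificate issued'}
    return {
        'acme.has': lambda name: name in days_left,
        'acme.needs_renewal': lambda name, window=None: days_left[name] <= (window or 0),
        'acme.cert': cert,
    }


if __name__ == '__main__':
    certs = {'dev.example.com': 10, 'ok.example.com': 60, 'bad.example.com': 3}
    names = list(certs) + ['new.example.com']
    print(ensure_certs(fake_salt(certs), names, window=14))
```

Inside a custom execution or state module, pass `__salt__` itself as `salt_funcs`; a 'failed' outcome is the case to alert on, since the existing certificate keeps running toward expiry.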
salt.modules.acme.renew_by(name, window=None)
Date in ISO format when a certificate should first be renewed
| Parameters: |
|
|---|
Latest Salt release: 2018.3.3