cdist-type__uacme_obtain - obtain, renew and deploy Let’s Encrypt certificates
This type leverages uacme to issue and renew Let’s Encrypt certificates and provides a simple deployment mechanism. It is expected to be called after __uacme_account.
Path to the publicly available challenge directory, served by a third-party HTTP server under $DOMAIN/.well-known/acme-challenge.
uacme configuration directory.
Path to the challenge hook program.
Owner of installed certificate (e.g. www-data), passed to chown.
Installation path of the issued certificate.
Installation path of the certificate’s private key.
Renew hook executed on certificate renewal (e.g. service nginx reload).
Override default ownership for TLS certificate, passed as argument to chown.
OPTIONAL MULTIPLE PARAMETERS
Alternative domain names for this certificate.
When this flag is not specified and the certificate has an Authority Information Access extension with an OCSP server location, uacme makes an OCSP request to the server; if the certificate is reported as revoked, uacme forces reissuance regardless of the expiration date.
Request certificates with the RFC7633 Certificate Status Request TLS Feature Extension, informally also known as “OCSP Must-Staple”.
Use RSA instead of EC for the private key. Only applies to newly generated keys.
Copyright (C) 2020 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.