Allow ACME validation from step-ca to cache

This commit is contained in:
Patrik Lundin 2024-11-04 09:39:02 +01:00
parent e5a23593bf
commit 9cee243af6
Signed by: patlu
GPG key ID: A0A812BA2249F294


@ -137,6 +137,12 @@ class cdn::cache(
$dash_split = split($my_hostname,'[-]')
$environment = $dash_split[2]
sunet::nftables::allow { 'allow-step-ca-acme':
from => '89.45.237.248', # internal-sto3-test-ca-1.cdn.sunet.se
port => 80,
proto => 'tcp',
}
# Get client cert for connecting to MQTT bus
exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]} --http-01-address ${facts['networking']['ip']}":
creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
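Review bot: The new `sunet::nftables::allow` rule hard-codes a single source, `89.45.237.248` (the test CA per the inline comment), while the certbot exec two lines below picks the ACME server per environment via `${acme_url[$environment]}`, so on any cache whose environment maps to a different step-ca the http-01 validator arrives from another address and port 80 stays closed to it. Unless every entry in `$acme_url` resolves to that one host (not visible here, `$acme_url` is declared outside this hunk), the allowed source should be selected the same way, e.g. `from => $acme_validator_ip[$environment],` with a lookup kept next to `$acme_url` so the two cannot drift apart. The comment on the `from` line should also say what the reader needs to keep it correct: `# must be the address the step-ca in $acme_url[$environment] validates http-01 from`. Note that because the exec is guarded by `creates`, a wrong or stale source address presumably would not surface until the first renewal rather than at initial issuance; worth confirming against how renewals are triggered. The enclosing class `cdn::cache` and the exec resource both continue outside this hunk.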