Get internal cert for hostname

Used for client cert auth to MQTT server

global/overlay/etc/puppet/modules/cdn/manifests/cache.pp

@@ -4,6 +4,9 @@ class cdn::cache(
     customer1 => 1000000000,
   },
   String $sunet_cdnp_version = '0.0.1',
+  Hash[String, String] $acme_url = {
+    test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
+  }
 )
 {
   include sunet::packages::certbot
@@ -127,6 +130,18 @@ class cdn::cache(
     rule => 'add rule inet filter input meta iifname ip6tnl0 ip6 daddr 2001:6b0:2100::/48 tcp dport { 80, 443 } counter accept comment "sunet-cdn-service6"'
   }
 
+  # From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
+  $my_fqdn = $facts['networking']['fqdn']
+  $dot_split = split($my_fqdn, '[.]')
+  $my_hostname = $dot_split[0]
+  $dash_split = split($my_hostname,'[-]')
+  $environment = $dash_split[2]
+
+  # Get client cert for connecting to MQTT bus
+  exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
+    creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
+  }
+
   $sunet_cdnp_dir = '/var/lib/sunet-cdnp'
   $sunet_cdnp_file = "sunet-cdnp_${sunet_cdnp_version}_linux_${facts[os][architecture]}.tar.gz"
   $sunet_cdnp_url = "https://github.com/SUNET/sunet-cdnp/releases/download/v${sunet_cdnp_version}/${sunet_cdnp_file}"