From e5a23593bf22c9437348712d5472c3a54bd7ae84 Mon Sep 17 00:00:00 2001
From: Patrik Lundin <patlu@sunet.se>
Date: Mon, 4 Nov 2024 09:31:50 +0100
Subject: [PATCH] Apply IP-specific certbot command to cache instead

---
 global/overlay/etc/puppet/modules/cdn/manifests/cache.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
index f5a6a30..d4da2b8 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@@ -138,7 +138,7 @@ class cdn::cache(
   $environment = $dash_split[2]
 
   # Get client cert for connecting to MQTT bus
-  exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
+  exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]} --http-01-address ${facts['networking']['ip']}":
     creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
   }