No commits in common. "9a73d8bdfedc65f94d5e96577923d85a5bf9df0f" and "8cd801bd642abe2b2cbf33debfad8766325a1015" have entirely different histories.
9a73d8bdfe
...
8cd801bd64
|
@ -1,17 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# When initializing step-ca with the docker flag DOCKER_STEPCA_INIT_ACME
|
|
||||||
# a basic ACME provisioner is enabled. This script runs commands to modify the
|
|
||||||
# default configuration.
|
|
||||||
|
|
||||||
# Enable forceCN if not set.
|
|
||||||
# This is needed because certbot does not include a
|
|
||||||
# Subject CN field in the CSR:
|
|
||||||
# https://github.com/certbot/certbot/issues/9633#issuecomment-1484988078
|
|
||||||
# ... and the Mosquitto MQTT server uses the Subject CN in ACL filters.
|
|
||||||
#
|
|
||||||
# Ideally Mosquitto would learn to look at the SAN field instead:
|
|
||||||
# https://github.com/eclipse-mosquitto/mosquitto/issues/2511
|
|
||||||
if [ "$(step ca provisioner list | jq -r '.[] | select (.name == "acme") | .forceCN')" = "null" ]; then
|
|
||||||
step ca provisioner update acme --force-cn --admin-subject=step --admin-provisioner=admin --admin-password-file=/opt/step-ca/init/secrets/provisioner-password
|
|
||||||
fi
|
|
|
@ -1,11 +1,11 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# When initializing step-ca with the docker flag
|
# When initializing step-ca with the docker flag STEPCA_INIT_PASSWORD_FILE the
|
||||||
# DOCKER_STEPCA_INIT_PASSWORD_FILE the password will be used both for key
|
# password will be used both for key encryption as well as the admin "step"
|
||||||
# encryption as well as the admin "step" provisioner. If not using that flag a
|
# provisioner. If not using that flag a separate password will be generated for
|
||||||
# separate password will be generated for each usage. This seems better as you
|
# each usage. This seems better as you are not typing the encryption password
|
||||||
# are not typing the encryption password any other time, while the provisioner
|
# any other time, while the provisioner password is used anytime you are
|
||||||
# password is used anytime you are managing things.
|
# managing things.
|
||||||
#
|
#
|
||||||
# This script is used on first setup of step-ca to modify the provisioner to
|
# This script is used on first setup of step-ca to modify the provisioner to
|
||||||
# use its own password instead. Pending
|
# use its own password instead. Pending
|
||||||
|
|
|
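Review bot: The rewritten header now names the flag `STEPCA_INIT_PASSWORD_FILE`, whereas the previous wording and the deleted sibling script on this page (which refers to `DOCKER_STEPCA_INIT_ACME`) both carry the `DOCKER_` prefix; unless this deployment reads a variable of its own, the new name looks like an accidental rename and the line should read `# When initializing step-ca with the docker flag DOCKER_STEPCA_INIT_PASSWORD_FILE the`. The header also still stops at `# use its own password instead. Pending`, leaving the sentence unfinished on both sides; either finish the thought or drop the dangling word. The script body follows outside the hunk, so whether the variable is actually consumed there cannot be checked here.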
@ -59,14 +59,6 @@ class cdn::ca(
|
||||||
content => file('cdn/ca/bootstrap-client'),
|
content => file('cdn/ca/bootstrap-client'),
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/opt/step-ca/init/scripts/configure-acme':
|
|
||||||
ensure => file,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
content => file('cdn/ca/configure-acme'),
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/opt/step-ca/init/deb':
|
file { '/opt/step-ca/init/deb':
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
|
|
|
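Review bot: Dropping the `file { '/opt/step-ca/init/scripts/configure-acme': … }` resource only stops Puppet from managing that path; it does not remove the file from hosts where it was already deployed, so the old mode-`0755` script, which ran `step ca provisioner update` with the provisioner password file, presumably stays on disk unless something else purges that directory. If the intent is to retire it, keep a transitional resource `file { '/opt/step-ca/init/scripts/configure-acme': ensure => absent, }` for one release and delete it once all nodes have converged. The enclosing `class cdn::ca` starts and ends outside the hunk.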
@ -231,13 +231,13 @@ class cdn::cache(
|
||||||
|
|
||||||
concat::fragment { "${customer}-fullchain-${cache_secrets['customers'][$customer]['host']}":
|
concat::fragment { "${customer}-fullchain-${cache_secrets['customers'][$customer]['host']}":
|
||||||
target => $combined_pem,
|
target => $combined_pem,
|
||||||
source => "/opt/certbot-sync/letsencrypt/live/${cache_secrets['customers'][$customer]['host']}/fullchain.pem",
|
source => "/opt/certbot/letsencrypt/live/${cache_secrets['customers'][$customer]['host']}/fullchain.pem",
|
||||||
order => '01',
|
order => '01',
|
||||||
}
|
}
|
||||||
|
|
||||||
concat::fragment { "${customer}-privkey-${cache_secrets['customers'][$customer]['host']}":
|
concat::fragment { "${customer}-privkey-${cache_secrets['customers'][$customer]['host']}":
|
||||||
target => $combined_pem,
|
target => $combined_pem,
|
||||||
source => "/opt/certbot-sync/letsencrypt/live/${cache_secrets['customers'][$customer]['host']}/privkey.pem",
|
source => "/opt/certbot/letsencrypt/live/${cache_secrets['customers'][$customer]['host']}/privkey.pem",
|
||||||
order => '02',
|
order => '02',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
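Review bot: The `source` paths of the `fullchain` and `privkey` fragments interpolate `${cache_secrets['customers'][$customer]['host']}` straight into a filesystem path, and nothing in the hunk constrains that value; a host entry containing `/` or `..` would make Puppet read a file outside `/opt/certbot/letsencrypt/live/`, and the privkey fragment then copies that content into `$combined_pem`. The value comes from secrets data rather than request input, so the exposure is limited, but a guard such as `assert_type(Pattern[/\A[a-z0-9.-]+\z/], $cache_secrets['customers'][$customer]['host'])` ahead of these resources would make the assumption explicit and fail the run on a malformed entry. The owner and mode of `$combined_pem` are set outside this hunk, so whether the private key material ends up readable only by the cache service cannot be confirmed from here. The enclosing `class cdn::cache` starts and ends outside the hunk.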