CONFIGDIR/renewal/domain.conf not updated #270

@ikcalB

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.19.1
  • Ruby: 2.0.0p648
  • Distribution: CentOS7
  • Module version: 7.0.0

How to reproduce (e.g Puppet code you use)

Use the following snippet in a node (adapt as needed):

  class { letsencrypt:
    config => {
      email  => '[email protected]',
      server => 'https://acme-v02.api.letsencrypt.org/directory',
    },
    configure_epel    => false,
    renew_cron_ensure => 'present',
  }

  letsencrypt::certonly { 'www.demoshop.com':
    domains              => ['www.demoshop.com', 'demoshop.com'],
    additional_args      => ['--http-01-port 60001'],
    deploy_hook_commands => [
      "cat /etc/letsencrypt/live/www.demoshop.com/fullchain.pem /etc/letsencrypt/live/www.demoshop.com/privkey.pem > /tmp/www.demoshop.com.pem"
    ],
  }

What are you seeing

correct: deploy_hook_commands are propagated to CONFIGDIR/renewal-hooks-puppet/domain-deploy.sh
wrong: change not deployed to the domain.conf file in CONFIGDIR/renewal
(renew_hook still points to an obsolete script)

[root@host renewal]# cat www.demoshop.com.conf 
# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = /etc/letsencrypt/archive/www.demoshop.com
cert = /etc/letsencrypt/live/www.demoshop.com/cert.pem
privkey = /etc/letsencrypt/live/www.demoshop.com/privkey.pem
chain = /etc/letsencrypt/live/www.demoshop.com/chain.pem
fullchain = /etc/letsencrypt/live/www.demoshop.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 538d234f67575639f455a060ac876fdb
manual_public_ip_logging_ok = None
http01_port = 60001
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = standalone
rsa_key_size = 4096
renew_hook = /etc/letsencrypt/renewal-hooks-puppet/renew-deploy.sh

What behaviour did you expect instead

Correctly configure deploy hook in CONFIGDIR/renewal/, as per documentation:

Note on certbot hook behavior: Hooks created by letsencrypt::certonly will be configured in the renewal config file of the certificate by certbot (stored in CONFIGDIR/renewal/),

Output log

Any additional information you'd like to impart
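
A check for the drift reported above, as an added example that is not part of the original issue or the module's code: it reads the `renew_hook` value from a renewal file and compares it with the Puppet-managed deploy script. The script name `<cert name>-deploy.sh`, the function names and the sample file contents are assumptions based on the paths quoted in the report.

```python
import configparser

# Constructed sample modelled on the renewal file quoted in the issue.
SAMPLE_CONF = """\
version = 1.11.0
cert = /etc/letsencrypt/live/www.demoshop.com/cert.pem

[renewalparams]
authenticator = standalone
http01_port = 60001
renew_hook = /etc/letsencrypt/renewal-hooks-puppet/renew-deploy.sh
"""


def read_renew_hook(conf_text):
    """Return the renew_hook value from a certbot renewal file, or None."""
    parser = configparser.ConfigParser(interpolation=None)
    # Renewal files begin with keys outside any section, which configparser
    # rejects, so they are placed under a synthetic section name.
    parser.read_string("[__top__]\n" + conf_text)
    return parser.get("renewalparams", "renew_hook", fallback=None)


def expected_hook(cert_name, config_dir="/etc/letsencrypt"):
    # Assumption: the module names the managed script <cert name>-deploy.sh.
    return f"{config_dir}/renewal-hooks-puppet/{cert_name}-deploy.sh"


def check_hook(cert_name, conf_text, config_dir="/etc/letsencrypt"):
    """Return (ok, message) describing whether the renewal file is in sync."""
    actual = read_renew_hook(conf_text)
    wanted = expected_hook(cert_name, config_dir)
    if actual is None:
        return False, f"{cert_name}: no renew_hook set, expected {wanted}"
    if actual != wanted:
        return False, f"{cert_name}: renew_hook is {actual}, expected {wanted}"
    return True, f"{cert_name}: renew_hook matches {wanted}"


if __name__ == "__main__":
    ok, message = check_hook("www.demoshop.com", SAMPLE_CONF)
    print("OK" if ok else "DRIFT", message)
```

On a real host, pass the contents of each file under CONFIGDIR/renewal/ to `check_hook` with the certificate name taken from the file name.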
