forked from saltstack-formulas/letsencrypt-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpillar.example
67 lines (67 loc) · 2.25 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
letsencrypt:
# Install using packages instead of git
use_package: true
# A list of package/s to install. To find the correct name for the variant
# you want to use, check https://certbot.eff.org/all-instructions
# Usually, you'll need a single one, but you can also add other plugins here.
pkgs:
- python-certbot-apache
# Only used for the git install method (use_package: false)
cli_install_dir: /opt/letsencrypt
# Only used for the git install method (use_package: false). If you want to
# have specific version of certbot you can enable it. The version value
# should match a certbot/certbot branch.
version: 0.30.x
# Subcommand used for certificates' first generation cmd ( run | certonly | renew )
create_init_cert_subcmd: certonly
# Any parameter from the cli can be specified in the config file
# check https://certbot.eff.org/docs/using.html#configuration-file
config:
server: https://acme-v02.api.letsencrypt.org/directory
email: webmaster@example.com
authenticator: webroot
webroot-path: /var/lib/www
agree-tos: true
keep-until-expiring: true
expand: true
# For backward compatibility, config can be passed as a string
# (although it's discouraged, as this format might be dropped in a future
# release)
# config: |
# server = https://acme-v01.api.letsencrypt.org/directory
# email = webmaster@example.com
# authenticator = webroot
# webroot-path = /var/lib/www
# agree-tos = True
# keep-until-expiring = True
# expand = True
config_dir:
path: /etc/letsencrypt
user: root
group: root
mode: 755
domainsets:
www:
- example.com
- www.example.com
mail:
- imap.example.com
- smtp.example.com
- mail.example.com
intranet:
- intranet.example.com
# The post_renew cmds are executed via renew_letsencrypt_cert.sh after every
# run. For more fine grain control, consider placing scripts in the pre,
# post, and/or deploy directories within /etc/letsencrypt/renewal-hooks/. For
# more information, see: https://certbot.eff.org/docs/using.html#renewal
post_renew:
cmds:
- service nginx reload
- service haproxy reload
cron:
minute: 10
hour: 2
dayweek: 1