Defined Type: certbot::webroot

Defined in:
manifests/webroot.pp

Overview

Define: certbot::webroot

Certbot certonly command and cron job for the webroot plugin. Makes some assumptions about how the webroot is set up – i.e., that there is only one webroot directory.

Parameters:

  • domains (Array[String, 1])
  • webroot_path (String) (defaults to: $certbot::webroot_dir)
  • manage_cron (Boolean) (defaults to: true)
  • cron_success_cmd (String) (defaults to: '/bin/true')


# File 'manifests/webroot.pp', line 6

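# Define: certbot::webroot
#
# Obtains a certificate with `certbot certonly` through the webroot plugin
# and, when $manage_cron is true, installs a root cron entry that re-runs the
# same command once a day and then runs $cron_success_cmd.
#
# Parameters:
#   domains          - one or more domain names; each is passed as `-d <name>`.
#                      The first one determines the live/ directory whose
#                      cert.pem marks the exec as already done.
#   webroot_path     - directory handed to `--webroot-path`.
#   manage_cron      - whether to manage the renewal cron entry.
#   cron_success_cmd - command appended to the cron line after `&&`.
#
# Security notes:
#   * $domains and $webroot_path are interpolated unquoted into a command
#     string, and that string is placed inside single quotes on a line in
#     root's crontab. They are therefore checked against a conservative
#     allow-list below, so whitespace, quotes, shell metacharacters, '%'
#     (special to cron) and a leading '-' (option injection) fail catalog
#     compilation instead of reaching a shell.
#   * $cron_success_cmd is copied verbatim into root's crontab and run by
#     root's shell. It cannot be validated here; set it only from trusted
#     manifest or Hiera data, never from facts or other node-supplied values.
#   * ${certbot::certbot_bin} is interpolated into the same string and is not
#     validated in this define.
define certbot::webroot (
  Array[String, 1] $domains,
  String $webroot_path = $certbot::webroot_dir,
  Boolean $manage_cron = true,
  String $cron_success_cmd = '/bin/true'
) {
  require certbot

  # Reject anything that is not a plain host name before it is spliced into a
  # shell command line.
  $domains.each |String $_domain| {
    if $_domain !~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/ {
      fail("certbot::webroot[${name}]: invalid domain '${_domain}': only letters, digits, '.' and '-' are allowed")
    }
  }

  # Same for the webroot: an absolute path made of shell-neutral characters.
  if $webroot_path !~ /\A\/[A-Za-z0-9_.+@\/-]*\z/ {
    fail("certbot::webroot[${name}]: invalid webroot_path '${webroot_path}': must be an absolute path without whitespace or shell metacharacters")
  }

  # `--webroot` is supplied once, by $_webroot_cmd; it used to be repeated here.
  $_certonly_cmd = "${certbot::certbot_bin} --noninteractive --agree-tos certonly"
  $_webroot_cmd = "--webroot --webroot-path ${webroot_path}"
  $_domains_cmd = join(prefix($domains, '-d '), ' ')

  $_command = join([$_certonly_cmd, $_webroot_cmd, $_domains_cmd], ' ')

  # Certbot stores the lineage under the first requested domain.
  $_first_domain = $domains[0]
  $_live_path = "${certbot::config_dir}/live/${_first_domain}"

  # Initial issuance: runs as the unprivileged certbot user and is skipped once
  # cert.pem exists.
  exec { "certbot certonly ${name}":
    command => $_command,
    path    => ["${certbot::virtualenv}/bin"],
    user    => 'certbot',
    creates => "${_live_path}/cert.pem",
  }

  if $manage_cron {
    cron { "certbot certonly renew ${name}":
      # Run the command as the certbot user and if it succeeds, run the success command as root.
      # The single quotes around ${_command} are only safe because the
      # interpolated values were validated above.
      command => "/bin/su certbot -s /bin/sh -c '${_command}' && (${cron_success_cmd})",
      user    => 'root',
      # Seeded with $name so each instance gets a stable, per-host time slot.
      hour    => fqdn_rand(24, $name),
      minute  => fqdn_rand(60, $name),
    }
  }
}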