3aaf87ee6d
Currently we don't set a contact email with our accounts. This is an optional feature, but would be helpful for things like [1] where we would be notified of certificates affected by bugs, etc.

Set up the email address in the acme.sh config which will apply with any new accounts created.

To update all the existing hosts, we see if the account email is added/modified in the config *and* if we have existing account details; if so we need a manual update call.

For anyone who might be poking here, we also add a note on sharing an account based on some broadly agreed upon discussion in IRC.

[1] https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

Change-Id: Ib4dc3e179010419a1b18f355d13b62c6cc4bc7e8
24 lines
716 B
ReStructuredText
Install acme.sh client

This makes the `acme.sh <https://github.com/Neilpang/acme.sh>`__
client available on the host.

Additionally a ``driver.sh`` script is installed to run the
authentication procedure and parse output.

**Role Variables**

.. zuul:rolevar:: letsencrypt_gid
   :default: unset

   Unix group `gid` for the `letsencrypt` group which has permissions
   on the `/etc/letsencrypt-certificates` directory. If unset, uses
   system default. Useful if this conflicts with another role that
   assumes a `gid` value.

.. zuul:rolevar:: letsencrypt_account_email
   :default: undefined

   The email address to register with accounts. Renewal mail and
   other info may be sent here. Must be defined.
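
The update decision described in the commit message, as an added shell example that is not the role's own code: it writes the email into an acme.sh-style config and reports whether existing account details make a manual account update necessary. The function names, the ``ACCOUNT_EMAIL='...'`` line format and the ``ca/.../account.json`` layout are assumptions about a typical acme.sh home directory.

```shell
#!/bin/sh
# Added example; names and paths below are assumptions, not the role's tasks.

# set_account_email CONF EMAIL
# Returns 0 if CONF was changed (email added or modified), 1 if it already
# held this email, 2 if EMAIL is rejected.
set_account_email() {
    conf=$1 email=$2
    # The value lands inside single quotes in a shell-style config file, so
    # refuse anything outside a conservative character set (quotes, spaces...).
    case $email in
        ''|*[!A-Za-z0-9@._+-]*) return 2 ;;
    esac
    want="ACCOUNT_EMAIL='${email}'"
    [ -f "$conf" ] || : > "$conf"
    if grep -qxF "$want" "$conf"; then
        return 1
    fi
    # Rewrite via a temp file in the same directory so the swap is atomic.
    tmp=$(mktemp "${conf}.XXXXXX") || return 2
    grep -v '^ACCOUNT_EMAIL=' "$conf" > "$tmp" || true  # no other lines is fine
    printf '%s\n' "$want" >> "$tmp"
    mv "$tmp" "$conf"
    return 0
}

# has_account DIR: true if registered account details exist under DIR/ca.
has_account() {
    [ -d "$1/ca" ] &&
        [ -n "$(find "$1/ca" -name account.json -print 2>/dev/null | head -n 1)" ]
}

# decide_account_update DIR EMAIL
# Prints one of:
#   update             email changed AND an account exists: run the manual
#                      update call (for acme.sh, --update-account)
#   new-accounts-only  email changed, no account yet: registration picks it up
#   unchanged          config already correct, nothing to do
decide_account_update() {
    rc=0
    set_account_email "$1/account.conf" "$2" || rc=$?
    case $rc in
        0) if has_account "$1"; then echo update; else echo new-accounts-only; fi ;;
        1) echo unchanged ;;
        *) echo invalid; return 2 ;;
    esac
}
```

Running the update only on the ``update`` result keeps repeated runs idempotent: hosts whose config already carries the address make no call to the CA.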