# -*- coding: utf-8 -*-
# vim: ft=yaml
---
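letsencrypt:
  # Install using package, git or pip
  install_method: package
  # A list of package/s to install. To find the correct name for the variant
  # you want to use, check https://certbot.eff.org/all-instructions
  # Usually, you'll need a single one, but you can also add other plugins here.
  # It defaults to installing the `certbot` package, but you can add other
  # plugins for authentication/install
  pkgs:
    - python3-certbot-apache
    # - python3-certbot-nginx
    # - python3-dns-route53
  # Only used for the git or pip install methods (install_method = git|pip)
  cli_install_dir: /opt/letsencrypt
  # Only used for the git or pip install methods (install_method = git|pip).
  # If you want to have a specific version of certbot you can enable it. The
  # version value should match a certbot/certbot branch.
  # Quoted so it is always read as a string. Tracking a branch means the
  # installed code changes whenever that branch moves; pick a maintained one.
  version: '0.30.x'
  # Only used for the pip install method (install_method = pip). Can be used to
  # install plugins for certbot. Default: []
  # NOTE(review): these names carry no version, so the latest release on the
  # package index is installed. Pin versions if the formula passes pip
  # specifiers through unchanged -- confirm against the install state.
  pip_pkgs:
    - certbot-dns-azure
    - certbot-dns-powerdns
  # Subcommand used for certificates' first generation cmd
  # ( run | certonly | renew )
  create_init_cert_subcmd: certonly
  # Any parameter from the cli can be specified in the config file
  # check https://certbot.eff.org/docs/using.html#configuration-file
  config:
    server: https://acme-v02.api.letsencrypt.org/directory
    # Placeholder address: replace with the contact for your ACME account.
    # Keep it quoted; an unquoted value starting with `[` is parsed as a list.
    email: 'admin@example.com'
    # Don't add an authenticator here if you need (or expect) to mix
    # authentication methods.
    # In such case, use authenticators below
    authenticator: webroot
    webroot-path: /var/lib/www
    agree-tos: true
    keep-until-expiring: true
    expand: true
  # For backward compatibility, config can be passed as a string
  # (although it's discouraged, as this format might be dropped in a future
  # release). Let's Encrypt has shut down its ACMEv1 (acme-v01) endpoint, so
  # the string form must point at acme-v02 as well.
  # config: |
  #   server = https://acme-v02.api.letsencrypt.org/directory
  #   email = admin@example.com
  #   authenticator = webroot
  #   webroot-path = /var/lib/www
  #   agree-tos = True
  #   keep-until-expiring = True
  #   expand = True
  # certbot keeps account keys and certificate private keys below this
  # directory. 755 on the top-level directory is certbot's own default; the
  # live/ and archive/ subdirectories are created by certbot as 0700.
  # NOTE(review): confirm the formula applies `mode` to this directory only
  # and not recursively, otherwise private keys become world-readable.
  config_dir:
    path: /etc/letsencrypt
    user: root
    group: root
    # Quoted so the mode stays a string; never write an unquoted leading zero
    # (YAML 1.1 parsers read 0755 as octal).
    mode: '755'
  # If you need to manage certificates for a few domainsets on the same node,
  # but the authentication for each of these varies, you need to specify
  # an authenticator for each of the domainsets instead of setting it in
  # cli.ini. Set them in this parameter. You can use the reserved name
  # `default` to set the authenticator that will be used in case no other is
  # specified for a particular domainset.
  # Default: authenticators: {}
  authenticators:
    default: nginx
    mail: route53
  # As with `authenticators` above, you can specify different install methods
  # for your different certificates. The installer set as `default` will be
  # used for all the domainsets with no particular installer
  # Default: installers: {}
  installers:
    default: nginx
  domainsets:
    www:
      - example.com
      - www.example.com
    mail:
      - imap.example.com
      - smtp.example.com
      - mail.example.com
    intranet:
      - intranet.example.com
  # The post_renew cmds are executed via renew_letsencrypt_cert.sh after every
  # run. For finer-grained control, consider placing scripts in the pre,
  # post, and/or deploy directories within /etc/letsencrypt/renewal-hooks/.
  # For more information, see: https://certbot.eff.org/docs/using.html#renewal
  # These strings end up in a script that runs with the renewal job's
  # privileges (presumably root via cron -- confirm), so write access to this
  # pillar is equivalent to command execution on the minion. Keep the list to
  # fixed service reloads and restrict who can edit it.
  post_renew:
    cmds:
      - service nginx reload
      - service haproxy reload
  cron:
    minute: 10
    hour: 2
    dayweek: 1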