Merged
Conversation
letsencrypt is consistently the longest state in my configuration, and apparently because of the random delay introduced when renewing non-interactively. Conceivably this could be made optional using a pillar variable; but, for now, I'll just disable the random sleep, at least during dry-run.
Use --no-random-sleep-on-renew during check
## [0.20.2](v0.20.1...v0.20.2) (2020-07-07) ### Bug Fixes * **domains:** renew --no-random-sleep-on-renew ([07cbc3b](07cbc3b)) ### Continuous Integration * **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([be61a98](be61a98))
Specifying `renew-by-default` in the config, regardless of True / False enables the flag. This causes certbot to force-renew on every timer run and means you will hit the rate-limit fairly quickly. A safer default is `keep-until-expiring` where the renew will only be done when it's actually advisable. `expand` allows an expanded domain list to renew correctly without forking a new domainset. This is something that most users will want.
Also specify `config` as a hash to make it easier to provide the config from multiple pillar values. Maintain backward compatibility (supplying `config` as a string) so that the formula continues to work as expected if a `config` string is already available. BREAKING CHANGE: `config` can now be provided as a hash or a string; defaults are modified and, while sane and desirable, do change the behavior of the formula.
closes #72 (ACMEv1 eol)
update to good-citizen defaults
# [1.0.0](v0.20.2...v1.0.0) (2020-07-23) ### Bug Fixes * **package:** amazonlinux defaults to python2 ([926c779](926c779)) * **server:** change server to ACMEv2 ([1fc79b8](1fc79b8)), closes [#72](#72) ### Documentation * **defaults:** update pillar.example to good-citizen defaults ([b889678](b889678)) ### Features * **config:** add sane defaults ([d9afac9](d9afac9)) * **package:** update default to py3 ([4c93c11](4c93c11)) ### BREAKING CHANGES * **config:** `config` can now be provided as a hash or a string; defaults are modified and, while sane and desirable, do change the behavior of the formula.
feat(map): add FreeBSD support for `certbot`
# [1.1.0](v1.0.0...v1.1.0) (2020-07-29) ### Features * **map:** add FreeBSD support for certbot ([911a443](911a443))
Certbot has the ability to name a certificate with the --cert-name option.
This allows us for instance to refers to this same setname to other
configuration and then further automate virtualhost creation in nginx or apache.
BREAKING CHANGE: Since this domains' setname was not used, the path was named
after the first domain in the domains set. In order to keep using this workflow,
you need to rename the setname with the first domain in the list like the
following:
```
letsencrypt:
domains:
foo.example.com:
- foo.example.com
```
…ption refactor: Use domains' setname as --cert-name option
# [2.0.0](v1.1.0...v2.0.0) (2020-08-26) ### Code Refactoring * use domains' setname as --cert-name option ([68fb247](68fb247)) ### BREAKING CHANGES * Since this domains' setname was not used, the path was named after the first domain in the domains set. In order to keep using this workflow, you need to rename the setname with the first domain in the list like the following: ``` letsencrypt: domains: foo.example.com: - foo.example.com ```
* Automated using myii/ssf-formula#259
… ci] * Automated using myii/ssf-formula#265
feat(map): add `create_init_cert_subcmd` var
# [2.1.0](v2.0.0...v2.1.0) (2020-10-26) ### Continuous Integration * **pre-commit:** add to formula [skip ci] ([0ca8d4f](0ca8d4f)) * **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([87e6d43](87e6d43)) * **pre-commit:** finalise `rstcheck` configuration [skip ci] ([30492a3](30492a3)) ### Features * **map:** add `create_init_cert_subcmd` var ([20f9b35](20f9b35))
* Automated using myii/ssf-formula#275
Fix certificate renewal checks
## [2.1.1](v2.1.0...v2.1.1) (2021-06-23) ### Bug Fixes * **domains:** check cert exists with desired domains ([a11fa8b](a11fa8b)), closes [#57](#57) * **domains:** update git check cert script ([2cbb50c](2cbb50c)) * **gentoo:** use correct `git` package name ([1054e0d](1054e0d)) * **osfinger:** provide correct package for `centos-7` & `oraclelinux-7` ([19998df](19998df)) ### Continuous Integration * **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([8b5b4f4](8b5b4f4)) * add `arch-master` to matrix and update `.travis.yml` [skip ci] ([7ea4e63](7ea4e63)) * **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([5def61c](5def61c)) * **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([8cc1a93](8cc1a93)) * **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([824c5c2](824c5c2)) * **gitlab-ci:** use GitLab CI as Travis CI replacement ([90d8a06](90d8a06)) * **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([e6c0d13](e6c0d13)) * **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([493ab98](493ab98)) * **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([ae1610b](ae1610b)) * **pre-commit:** update hook for `rubocop` [skip ci] ([a9cbb16](a9cbb16)) ### Documentation * **readme:** fix `coala` violations [skip ci] ([98c2898](98c2898)) * **readme:** stretch is now old-stable [skip ci] ([7f0bab5](7f0bab5)) ### Tests * standardise use of `share` suite & `_mapdata` state [skip ci] ([1105cb8](1105cb8))
BREAKING CHANGE: The formula was installing the Apache plugin by default which is not reasonable. Also, as `letsencrypt:pkgs` is a list, _adding_ another entry in the list was not replacing this default, causing undesired packages to be installed. The new default is an empty list of packages, defaulting to `certbot` in the code.
Performing "selfie-merge", in line with community conventions:- https://github.com/saltstack/salt/blob/develop/doc/topics/development/conventions/formulas.rst#get-involved-creating-new-formulas
# [3.0.0](v2.1.1...v3.0.0) (2021-07-02) ### Bug Fixes * **defaults:** install `certbot` with no plugins ([70dafdd](70dafdd)) ### Continuous Integration * **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([f937dca](f937dca)) ### BREAKING CHANGES * **defaults:** The formula was installing the Apache plugin by default which is not reasonable. Also, as `letsencrypt:pkgs` is a list, _adding_ another entry in the list was not replacing this default, causing undesired packages to be installed. The new default is an empty list of packages, defaulting to `certbot` in the code.
Allow to specify different authenticators or installers for each domainset. Also, added a `pebble` ACME CA to test that the domainsets can be obtained and installed correctly. Added tests to verify the certificates are installed.
feat(domains): allow to specify different authenticators/installers Performing "selfie-merge", in line with community conventions:- https://github.com/saltstack/salt/blob/develop/doc/topics/development/conventions/formulas.rst#get-involved-creating-new-formulas
# [3.1.0](v3.0.0...v3.1.0) (2021-07-02) ### Continuous Integration * **gitlab:** enable `domains` testing on gitlab ([c3637f7](c3637f7)) ### Features * **domains:** allow to specify different authenticators/installers ([87456a1](87456a1))
* Automated using myii/ssf-formula#336
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.