migrate from letsencrypt-domains to Puppet for TLS certificates (TPA-RFC-64)
@weasel has a nice Puppet module to manage TLS certificates, let's use that instead of a git repository with a custom hook.
-
phase I: add dehydratedparameter tossl::service, test cert issuance -
phase II: use cert issued on phase I -
phase III: set dehydratedfor more and more services -
phase IV: profit -
phase XCIX: retire letsencrypt-domains.gitand switch todehydrated::certificatedirectly (or keepssl::servicewrapper since we need TLSA?) -
Get /opt/dehydrated/status.json or monitoring.status into monitoring
Edited by weasel (Peter Palfrader)