migrate from letsencrypt-domains to Puppet for TLS certificates (TPA-RFC-64)
@weasel has a nice Puppet module to manage TLS certificates, let's use that instead of a git repository with a custom hook.
-
phase I: add dehydrated
parameter tossl::service
, test cert issuance -
phase II: use cert issued on phase I -
phase III: set dehydrated
for more and more services -
phase IV: profit -
phase XCIX: retire letsencrypt-domains.git
and switch todehydrated::certificate
directly (or keepssl::service
wrapper since we need TLSA?) -
Get /opt/dehydrated/status.json or monitoring.status into monitoring
Edited by weasel (Peter Palfrader)