forked from saltstack-formulas/letsencrypt-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
51 lines (51 loc) · 1.59 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
letsencrypt:
# Install using packages instead of git
use_package: true
# A list of package/s to install. To find the correct name for the variant
# you want to use, check https://certbot.eff.org/all-instructions
# Usually, you'll need a single one, but you can also add other plugins here.
pkgs:
- python-certbot-apache
# Only used for the git install method (use_package: false)
cli_install_dir: /opt/letsencrypt
# Only used for the git install method (use_package: false). If you want to
# have specific version of certbot you can enable it. The version value
# should match a certbot/certbot branch.
version: 0.30.x
config: |
server = https://acme-v01.api.letsencrypt.org/directory
email = webmaster@example.com
authenticator = webroot
webroot-path = /var/lib/www
agree-tos = True
renew-by-default = True
config_dir:
path: /etc/letsencrypt
user: root
group: root
mode: 755
domainsets:
www:
- example.com
- www.example.com
mail:
- imap.example.com
- smtp.example.com
- mail.example.com
intranet:
- intranet.example.com
# The post_renew cmds are executed via renew_letsencrypt_cert.sh after every
# run. For more fine grain control, consider placing scripts in the pre,
# post, and/or deploy directories within /etc/letsencrypt/renewal-hooks/. For
# more information, see: https://certbot.eff.org/docs/using.html#renewal
post_renew:
cmds:
- service nginx reload
- service haproxy reload
cron:
minute: 10
hour: 2
dayweek: 1