Update letsencrypt role docs to suggest a specific order

In reviews on https://review.opendev.org/819923 we discovered we
are inconsistent in how we create certs.  Suggest a specific course
of action and record the reasoning.

Change-Id: I974a1717a74e759ca8805dcb707efc7fe29ba53f
This commit is contained in:
James E. Blair 2021-12-03 14:24:13 -08:00
parent e79dbbe6bb
commit 7f96224ef9

View File

@ -39,7 +39,9 @@ provision process.
certificate to create (i.e. a host can create multiple separate
certificates). Each key should have a list of hostnames valid for
that certificate. The certificate will be named for the *first*
entry.
entry. Naming the cert for the service (rather than the hostname)
will simplify references to the file (for example in Apache
VirtualHost configs), so listing it first is preferred.
For example:
@ -47,13 +49,13 @@ provision process.
letsencrypt_certs:
hostname-main-cert:
- hostname01.opendev.org
- hostname.opendev.org
- hostname01.opendev.org
hostname-secondary-cert:
- foo.opendev.org
will ultimately result in two certificates being provisioned on the
host in ``/etc/letsencrypt-certs/hostname01.opendev.org`` and
host in ``/etc/letsencrypt-certs/hostname.opendev.org`` and
``/etc/letsencrypt-certs/foo.opendev.org``.
Note the creation role ``letsencrypt-create-certs`` will call a