opendev
/
system-config
Code Issues Proposed changes
system-config/playbooks/roles/letsencrypt-acme-sh-install
History
Clark Boylan 3d5d2779d2 Be explicit about server used in acme.sh 
Acme.sh is updating their defaults to use zerossl instead of
letsencrypt [0]. This has resulted in errors like:

  Can not resolve _eab_id

When our runs of acme.sh attempt to communicate with zerossl. While the
default change isn't supposed to happen until August 1 we hit it early
because we consume the dev branch of acme.sh.

We avoid this entirely by being explicit about the server to communicate
to in our acme.sh driver script. We explicitly set --server to
letsencrypt.

Note that a followup should likely update our use of --staging to set
--server letsencrypt_test as --staging enforces their defaults as well.

[0] https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL

Change-Id: Ia6a8da80869f1c4ff3240712bcd320bfc6f29e93
 		2021-06-18 08:48:35 -07:00
..
files Be explicit about server used in acme.sh 2021-06-18 08:48:35 -07:00
tasks ansible-lint : disable 503 2020-03-06 09:57:00 +11:00
README.rst letsencrypt: Register email with accounts 2020-03-05 12:25:56 +11:00

README.rst

Install acme.sh client

This makes the acme.sh client available on the host.

Additionally a driver.sh script is installed to run the authentication procedure and parse output.

Role Variables