46edf8aeb0
This runs the LE ansible alongside the ethercalc puppetry to get an LE cert provision for this service. Once we are happy with the new cert we can land the followup change to switch to the LE cert. Note we don't add an altname for the host because that will require extra DNS records in rax DNS. Change-Id: I04c062eb994f672283aa30ffcc0c4d45fc8c50f6
Generate letsencrypt certificates
This must run after the letsencrypt-install-acme-sh,
letsencrypt-request-certs and
letsencrypt-install-txt-records roles. It will run the
acme.sh process to create the certificates on the host.
Role Variables
If set to True, will locally generate self-signed certificates in the same locations the real script would, instead of contacting letsencrypt. This is set during gate testing as the authentication tokens are not available.
If set to True will use the letsencrypt staging environment, rather than make production requests. Useful during initial provisioning of hosts to avoid affecting production quotas.
The same variable as described in
letsencrypt-request-certs.