bw.bundle.lego

Use lego (Let’s Encrypt client and ACME library written in Go) via Bundlewrap

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

lego via Bundlewrap

Install and configure lego, a Let's Encrypt client written in Go, via Bundlewrap.

Dependencies

Supports

Config

At minimum, lego requires an email address, so set at least the email field.

node["foobar"] = {
    'metadata': {
        'lego': {
            'version': '4.2.0',
            'checksum': '3b0f6c715b79a6dc692e5c3f5890905bc4404a33469cecc2d0b60c5bf5c2076f',
            'email': 'info@example.org',
            'path': '/etc/lego',
            'default_challenge': 'dns-cloudflare',
            'domains': {
                'example.org': {
                    'challenge': 'dns-cloudflare',
                    'additional_domains': [
                        'www.example.org', 'foobar.example.org',
                    ],
                },
                'yetAnotherDomain.example.org': {},
            },
            'renew_hooks': [
                # copy the renewed certificate for nginx, then restart nginx
                '''install -o nginx -g nginx -m 0640 ${LEGO_CERT_PEM_PATH} /etc/nginx/ssl/
                systemctl restart nginx''',
            ],
            'challenges': {
                'dns-cloudflare': {
                    'type': 'dns',
                    'provider': 'cloudflare',
                    'environment': {
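                        # placeholder value; keep the real API token out of plain-text
                        # repository files (e.g. encrypt it with Bundlewrap's vault)
                        'CLOUDFLARE_DNS_API_TOKEN': '1234567890abcdefghijklmnopqrstuvwxyz',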
                    },
                    'additional_params': [
                        '--dns.resolvers 1.1.1.1',
                    ],
                },
            },
            # see https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html
            'renewal_time': 'Mon..Fri *-*-* 03:30:00 UTC',
            'randomized_delay': '1h',
        },
    }
}