REFERENCE.md

Reference

Table of Contents

Classes

Public Classes

• dehydrated: Main class used to setup the system.
• dehydrated::apache: Serve challenges with Apache

Private Classes

• dehydrated::changed: Trigger a refresh of the certificates
• dehydrated::config: Manage dehydrated configuration
• dehydrated::cron: Manage cron task to refresh certificates
• dehydrated::domains: Manage the domains.txt file
• dehydrated::package: Manage the dehydrated package
• dehydrated::repo: Manage the dehydrated code
• dehydrated::user: Manage the dehydrated user

Defined types

• dehydrated::certificate: Class used to describe the certificates that should be maintained.

Functions

• dehydrated::apache::vhost_attributes: Return the apache::vhost SSL configuration for a host
• dehydrated::certsdir: Return the root directory of dehydrated certificates
• dehydrated::ssl_cert_file: Return the full path to a certificate file
• dehydrated::ssl_chain_file: Return the full path to a certificate chain file
• dehydrated::ssl_fullchain_file: Return the full path to a certificate fullchain file
• dehydrated::ssl_privkey_file: Return the full path to a private key file

Tasks

• cleanup: Cleanup certificates not managed by dehydrated anymore
• renew: Renew certificates about to expire

Plans

• dehydrated::renew: Renew certificates about to expire

Classes

dehydrated

Main class used to setup the system.

Parameters

The following parameters are available in the dehydrated class:

• apache_user
• bin
• etcdir
• group
• package
• user
• repo_source
• repo_revision
• dependencies
• apache_integration
• cron_integration
• ip_version
• ca
• ca_terms
• license
• challengetype
• keysize
• openssl_cnf
• hook
• hook_chain
• renew_days
• private_key_renew
• private_key_rollover
• key_algo
• contact_email
• ocsp_must_staple
• timeout

apache_user

Data type: String

User account of apache httpd.

bin

Data type: String

Path to the dehydrated command.

etcdir

Data type: String

Path to the dehydrated configuration directory.

group

Data type: String

Group of the user account used to manage certificates.

Default value: 'dehydrated'

package

Data type: Optional[String]

Name of the package providing dehydrated.

user

Data type: String

User account used to manage certificates.

Default value: 'dehydrated'

repo_source

Data type: String

URL of the repository providing dehydrated.

Default value: 'https://github.com/dehydrated-io/dehydrated.git'

repo_revision

Data type: String

Revision to fetch from the repository providing dehydrated.

Default value: 'v0.7.0'

dependencies

Data type: Array[String]

Extra dependencies needed to run dehydrated.

Default value: []

apache_integration

Data type: Boolean

Setup apache to serve the generated challenges.

Default value: false

cron_integration

Data type: Boolean

Setup cron to automatically renew certificates.

Default value: false

ip_version

Data type: Optional[Variant[Integer[4,4],Integer[6,6]]]

Use only this IP version for name resolution.

Default value: undef

ca

Data type: Optional[Stdlib::Httpurl]

Path to certificate authority.

Default value: undef

ca_terms

Data type: Optional[Stdlib::Httpurl]

Path to certificate authority license terms redirect.

Default value: undef

license

Data type: Optional[String]

Path to license agreement.

Default value: undef

challengetype

Data type: Optional[Enum['http-01', 'dns-01']]

Challenge type to be used.

Default value: undef

keysize

Data type: Optional[Integer[0]]

Default keysize for private keys.

Default value: undef

openssl_cnf

Data type: Optional[String]

Path to openssl config file.

Default value: undef

hook

Data type: Optional[String]

Program or function called in certain situations.

Default value: undef

hook_chain

Data type: Optional[Boolean]

Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate.

Default value: undef

renew_days

Data type: Optional[Integer[0]]

Minimum days before expiration to automatically renew certificate.

Default value: undef

private_key_renew

Data type: Optional[Boolean]

Regenerate private keys instead of just signing new certificates on renewal.

Default value: undef

private_key_rollover

Data type: Optional[Boolean]

Create an extra private key for rollover.

Default value: undef

key_algo

Data type: Optional[Enum['rsa', 'prime256v1', 'secp384r1']]

Which public key algorithm should be used?

Default value: undef

contact_email

Data type: String

E-mail address Let's Encrypt can use to reach you regarding your certificates.

ocsp_must_staple

Data type: Optional[Boolean]

Option to add CSR-flag indicating OCSP stapling to be mandatory.

Default value: undef

timeout

Data type: Optional[Integer[0]]

Execution timeout for dehydrated tool.

Default value: undef

dehydrated::apache

Serve challenges with Apache

Defined types

dehydrated::certificate

Class used to describe the certificates that should be maintained.

Parameters

The following parameters are available in the dehydrated::certificate defined type:

• domains

domains

Data type: Array[String]

List of Subject Alternative Names (SAN) to include in the certificate

Default value: []

Functions

dehydrated::apache::vhost_attributes

Type: Puppet Language

Return the apache::vhost SSL configuration for a host

Examples

apache::vhost { $hostname:
  port => 443,
  ssl  => true,
  [...]
  *    => dehydrated::apache::vhost_attributes($hostname)
}

dehydrated::apache::vhost_attributes(String $hostname)

Return the apache::vhost SSL configuration for a host

Returns: Hash[String,String] Virtual host configuration for the host

Examples

apache::vhost { $hostname:
  port => 443,
  ssl  => true,
  [...]
  *    => dehydrated::apache::vhost_attributes($hostname)
}

hostname

Data type: String

The name of the host to consider

dehydrated::certsdir

Type: Puppet Language

Return the root directory of dehydrated certificates

dehydrated::certsdir()

Return the root directory of dehydrated certificates

Returns: String The directory of dehydrated certificates

dehydrated::ssl_cert_file

Type: Puppet Language

Return the full path to a certificate file

dehydrated::ssl_cert_file(String $hostname)

Return the full path to a certificate file

Returns: String The path of the cerificate file

hostname

Data type: String

The name of the host to consider

dehydrated::ssl_chain_file

Type: Puppet Language

Return the full path to a certificate chain file

dehydrated::ssl_chain_file(String $hostname)

Return the full path to a certificate chain file

Returns: String The path of the cerificate chain file

hostname

Data type: String

The name of the host to consider

dehydrated::ssl_fullchain_file

Type: Puppet Language

Return the full path to a certificate fullchain file

dehydrated::ssl_fullchain_file(String $hostname)

Return the full path to a certificate fullchain file

Returns: String The path of the cerificate fullchain file

hostname

Data type: String

The name of the host to consider

dehydrated::ssl_privkey_file

Type: Puppet Language

Return the full path to a private key file

dehydrated::ssl_privkey_file(String $hostname)

Return the full path to a private key file

Returns: String The path of the private key file

hostname

Data type: String

The name of the host to consider

Tasks

cleanup

Cleanup certificates not managed by dehydrated anymore

Supports noop? true

Parameters

dehydrated_dir

Data type: Optional[Stdlib::AbsolutePath]

The directory of dehydrated

renew

Renew certificates about to expire

Supports noop? false

Plans

dehydrated::renew

Renew certificates about to expire

Parameters

The following parameters are available in the dehydrated::renew plan:

• targets

targets

Data type: TargetSpec

Target fifor certificates renewal