SAN support for LetsEncrypt (#37)

SAN support for LetsEncrypt
Enrise · Mar 20, 2017 · 0877cda · 0877cda
1 parent ef577a2
commit 0877cda
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/vhosting/components/ssl.sls b/vhosting/components/ssl.sls
@@ -1,13 +1,23 @@
 # Deal with SSL
-{% macro install_pair(salt, domain, config) %}
+{% macro install_pair(salt, domain, aliases, config) %}
 {%- set webserver = salt['pillar.get']('vhosting:server:webserver', 'nginx') %}
 {%- if 'letsencrypt' in config and config.letsencrypt == true %}
 {% from "letsencrypt/map.jinja" import letsencrypt with context %}
-# Call LetsEncrypt to get an SSL certificate
+
+# Generate a list with domain + aliases
+{%- set domainlist = [] %}
+{%- do domainlist.append(domain) %}
+{%- for alias in aliases %}
+{%- do domainlist.append(alias) %}
+{%- endfor %}
+
+# Call LetsEncrypt to get an SSL certificate for {{ domain }} (aliases: {{ aliases|join(', ') }})
 create-initial-cert-{{ domain }}:
   cmd.run:
-    - unless: /usr/local/bin/check_letsencrypt_cert.sh {{ domain }}
-    - name: {{ letsencrypt.cli_install_dir }}/letsencrypt-auto -d {{ domain }} certonly
+    - unless: /usr/local/bin/check_letsencrypt_cert.sh {{ domainlist|join(' ') }}
+    - name: {{
+            letsencrypt.cli_install_dir
+            }}/letsencrypt-auto --quiet -d {{ domainlist|join(' -d ') }} certonly --non-interactive --allow-subset-of-names
     - cwd: {{ letsencrypt.cli_install_dir }}
     - require:
       - file: letsencrypt-config
@@ -35,7 +45,7 @@ ssl_key_{{ domain }}:
 # Register a cronjob to auto-renew this certificate every 60 days
 letsencrypt-crontab-{{ domain }}:
   cron.present:
-    - name: /usr/local/bin/renew_letsencrypt_cert.sh {{ domain }}
+    - name: /usr/local/bin/renew_letsencrypt_cert.sh {{ domainlist|join(' ') }}
     - month: '*'
     - minute: random
     - hour: random

diff --git a/vhosting/resources/vhost.sls b/vhosting/resources/vhost.sls
@@ -3,6 +3,7 @@
 {%- from "vhosting/lib.sls" import path_join, sls_block with context %}
 {%- set domain = name|lower %}
 {%- set domain_safe = domain|replace('.','_') %}
+{%- set aliases = params.get('aliases', []) %}
 
 # grab all settings
 {%- set vhosting = salt['pillar.get']('vhosting') %}
@@ -89,7 +90,7 @@
 {%- if ssl is mapping %}
 # Install the required certificate, key and chain for this domain
 {%- from "vhosting/components/ssl.sls" import install_pair with context %}
-{{ install_pair(salt, domain, ssl) }}
+{{ install_pair(salt, domain, aliases, ssl) }}
 {%- endif %}
 ############################################################################################################################
 # xxx todo: Create a macro for vhost generation for standalone usage