Domain wildcard should be escaped or quoted in shell commands #178

@Turgon37

Description

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.9 + Hiera 4
  • Ruby:
  • Distribution: Stretch
  • Module version: 2.1.0

How to reproduce (e.g Puppet code you use)

letsencrypt::certonly { 'somehost.subdomain.com':
  domains => ['somehost.subdomain.com', 'a.subdomain.com', 'b.subdomain.com'],
  plugin  => 'webroot',
}
letsencrypt::certonly { '*.subdomain.com':
  custom_plugins  => true,
}

What are you seeing

When I want to create a certificate for a wildcard domain, using the wildcard character *, this character is interpreted by the shell and replaced by all files present in the current working directory of the command.
The shell globbing function works by replacing every * with all files that match. So if you have previously defined a certificate that matches the pattern (see example below), the problem occurs.

This problem may not have occurred before because, when no file matches, the shell leaves the wildcard in place, as in this example:

[root@laptop-pg03 test]$ ls    # an empty directory
[root@laptop-pg03 test]$ echo *
*
[root@laptop-pg03 test]$ touch fic
[root@laptop-pg03 test]$ echo *
fic

What behaviour did you expect instead

The certbot command must be run with all domain names single-quoted.

Output log

Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: usage:
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns:
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: it will attempt to use a webserver both for obtaining and installing the
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: certificate.
Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: certbot: error: unrecognized arguments: local.*.example.com preprod.*.example.com uat.*.example.com uat2.*.example.com
Error: 'certbot --text --agree-tos --non-interactive certonly -d *.*.example.com --manual --manual-auth-hook /usr/local/bin/certbot_rfc2136_auth.sh' returned 2 instead of one of [0]
Error: /Stage[main]/Profile::Letsencrypt/Brscommon::Define::Letsencrypt_certificate[*.*.example.com]/Letsencrypt::Certonly[letsencrypt-*.example.com]/Exec[letsencrypt certonly letsencrypt-*.example.com]/returns: change from notrun to 0 failed: 'certbot --text --agree-tos --non-interactive certonly -d *.*.example.com ' returned 2 instead of one of [0]
Certonly[letsencrypt-*.example.com]/File[/opt/puppetlabs/puppet/cache/letsencrypt/renew-letsencrypt-*.example.com.sh]/content:
--- /opt/puppetlabs/puppet/cache/letsencrypt/renew-letsencrypt-*.example.com.sh 2019-03-05 18:26:24.915103204 +0100
+++ /tmp/puppet-file20190305-11226-1ccf8ao    2019-03-05 18:31:11.273970967 +0100
@@ -1,2 +1,2 @@
 #!/bin/sh
-certbot --text --agree-tos --non-interactive certonly --keep-until-expiring -d *.example.com
\ No newline at end of file
+certbot --text --agree-tos --non-interactive certonly --keep-until-expiring -d *.*.example.com
\ No newline at end of file 
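Review bot: the `-d *.*.example.com` argument on the added line is still unquoted, so when the generated renew script runs, the shell expands `*.*.example.com` against its working directory before certbot sees it; the `unrecognized arguments: local.*.example.com preprod.*.example.com ...` error above is that expansion. Emit the argument as `-d '*.*.example.com'` (and likewise for the removed line's `-d *.example.com`) so the literal wildcard reaches certbot. Minor: both versions of the script lack a trailing newline.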

Any additional information you'd like to impart

I will provide a PR to fix this issue.
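The following is an added example, not code from this issue or from the puppet-letsencrypt module. It shows the behaviour described above from the defender's side: a `shquote` helper that single-quotes an argument for inclusion in a command string, a `build_domain_args` helper that applies it to every `-d` value, and a comparison of the unquoted versus quoted command string evaluated in a scratch directory that contains files matching `*.subdomain.com` (the file names are constructed for the demonstration; the function names are assumptions of this example).

```sh
#!/bin/sh
# Added example (not part of the puppet-letsencrypt module): why an unquoted
# wildcard domain breaks a shell-evaluated certbot command, and how to quote it.

# Quote one argument for safe inclusion in a shell command string:
# wrap it in single quotes and escape any embedded single quote as '\''.
shquote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the "-d DOMAIN -d DOMAIN ..." part of a certbot command line from a
# list of domains, quoting each one so that * never reaches glob expansion.
build_domain_args() {
  out=""
  for d in "$@"; do
    out="$out -d $(shquote "$d")"
  done
  printf '%s' "${out# }"
}

# Stand-in for certbot: print each argument it actually received, bracketed.
show_args() { printf '[%s]' "$@"; }

# Evaluate a command string in a scratch directory that contains files
# matching *.subdomain.com, i.e. the situation described in the issue
# (a previous certonly run left matching names in the working directory).
run_in_scratch_dir() {
  dir=$(mktemp -d) || return 1
  touch "$dir/a.subdomain.com" "$dir/b.subdomain.com"   # constructed file names
  ( cd "$dir" && eval "$1" )
  rm -rf "$dir"
}

# Unquoted: the shell expands *.subdomain.com into the matching file names,
# so the stand-in "certbot" receives -d a.subdomain.com b.subdomain.com.
unquoted_args() { run_in_scratch_dir "show_args -d *.subdomain.com"; }

# Quoted: the literal wildcard survives, so certbot receives -d *.subdomain.com.
quoted_args() { run_in_scratch_dir "show_args $(build_domain_args '*.subdomain.com')"; }

printf 'unquoted: %s\nquoted:   %s\n' "$(unquoted_args)" "$(quoted_args)"
```

The same `shquote` treatment applies to any value that is interpolated into an `exec` command string (the `--manual-auth-hook` path, for instance), not only to `-d`: the shell cannot tell a domain name containing `*` apart from a glob pattern, so the only reliable fix is to quote every argument at the point where the command string is assembled.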
