Allow additional domains to be add later

This commit adds support for expansion of an already existing certificate by checking if every in Puppet configured domain is present in the certificate on the filesystem. Fixes voxpupuliGH-94.
syseleven · Sep 4, 2018 · ed72608 · ed72608
1 parent 3c799e5
commit ed72608
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/manifests/certonly.pp b/manifests/certonly.pp
@@ -52,9 +52,9 @@
   }
 
   if ($custom_plugin) {
-    $command_start = "${letsencrypt_command} --text --agree-tos --non-interactive certonly "
+    $command_start = "${letsencrypt_command} --text --agree-tos --non-interactive --expand certonly "
   } else {
-    $command_start = "${letsencrypt_command} --text --agree-tos --non-interactive certonly -a ${plugin} "
+    $command_start = "${letsencrypt_command} --text --agree-tos --non-interactive --expand certonly -a ${plugin} "
   }
 
   if $plugin == 'webroot' {
@@ -82,11 +82,12 @@
   $live_path = "${config_dir}/live/${domains[0]}/cert.pem"
 
   $execution_environment = [ "VENV_PATH=${letsencrypt::venv_path}", ] + $environment
+  $verify_domains = join($domains, ' -d ')
   exec { "letsencrypt certonly ${title}":
     command     => $command,
     path        => $::path,
     environment => $execution_environment,
-    creates     => $live_path,
+    unless      => [ "test -f ${live_path}", "${letsencrypt_command} certificates -d ${verify_domains}"],
     require     => Class['letsencrypt'],
   }