Autocert Charm

  • By Autocert Charmers
Channel Revision Published Runs on
latest/stable 58 08 Sep 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
latest/candidate 52 27 Jun 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
latest/beta 52 27 Jun 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
latest/edge 52 27 Jun 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
juju deploy autocert
Show information

Learn to deploy on juju >

Platform:

Ubuntu
22.04 20.04 18.04 16.04

Learn about configurations >

  • autocert_ca_cert | string

    X.509 CA certificate for the above, if running without a root-trusted certificate. Copy and paste a PEM-encoded CA certificate into this field.

  • autocert_host | string

    IP address or hostname of service to contact

  • cert_additional_names | string

    A list of comma-separated, key=value pairs specifiying additional names for certificates to be mapped to via symbolic links. The value is a colon separated list of supplementary names, e.g. "test1.example.com=default:example.com, test2.example.com=mail.example.com" Alternatively, multiple key=value pairs can be specified as a YAML list.

  • cert_auth_pairs | string

    A list of comma-separated, key=value pairs representing the certificates to be managed, along with their respective auth tokens, e.g. "test1.example.com=DEADBEEF, test2.example.com=FEEDFACE, test3.example.com=BAADF00D" Alternatively, multiple key=value pairs can be specified as a YAML list.

  • cert_kubernetes_names | string

    A list of comma-separated, key=value pairs specifying certificate to kubernetes secret mappings. The value is a slash separated kubernetes namespace and secret name, e.g. "test1.example.com=production/test1-tls, test2.example.com=staging/test2-tls" Alternatively, multiple key=value pairs can be specified as a YAML list.

  • chain_required | boolean

    Default: True

    Whether an intermediate chain is required for this service

  • dir_certs | string

    Default: /etc/ssl/certs

    Directory to save certs (and chain certs) to (will be created if it does not exist)

  • dir_keys | string

    Default: /etc/ssl/private

    Directory to save private keys to (will be created if it does not exist)

  • extra_packages | string

    Space separated list of extra deb packages to install.

  • filename_prefix | string

    Prefix for saved cert/key files, e.g. "autocert" for "autocert_<foo.example.com>.crt"

  • install_keys | string

    List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.

  • install_sources | string

    Default: ppa:autocert-devs/stable

    PPA or repository to install the package from

  • nagios_context | string

    Default: juju

    Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.

  • nagios_servicegroups | string

    A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup

  • package_status | string

    Default: install

    The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".

  • run_weekdays | boolean

    Only run autocert refreshes on weekdays.

  • service_action | string

    Action to run in "service <service_name> <service_action>", e.g. "reload" when certificate changes (one of service_action or service_action_cmd must be specified).

  • service_action_cmd | string

    Command to run when certificate changes (one of service_action or service_action_cmd must be specified).

  • service_name | string

    Service name - this will be used for the /etc/autocert/<service_name> config directory, as well as in "service <service_name> <service_action", if service_action is set.

  • service_test_cmd | string

    Optional command to parse and verify the existing config before restarting/reloading the service, e.g. "/usr/sbin/apachectl configtest". If the return code is 0, then "service <service_name> <service_action>" will be run automatically. If not, then an error will be raised.

  • suffix_cert | string

    Default: .crt

    Suffix for cert files, e.g. ".crt" for "<foo.example.com>.crt"

  • suffix_chain | string

    Default: _chain.crt

    Suffix for CA chain files, e.g. "_chain.crt" for "<foo.example.com>_chain.crt"

  • suffix_key | string

    Default: .key

    Suffix for key files, e.g. ".key" for "<foo.example.com>.key"