bzed-letsencrypt puppet module
With the announcement of the Let’s Encrypt dns-01 challenge support we finally had a way to retrieve certificates for those hosts where http challenges won’t work. Also it allows to centralize the signing procedure to avoid the installation and maintenance of letsencrypt clients on all hosts. For an implementation I had the following requirements in my mind: Handling of key/csr generation and certificate signing by puppet. Private keys don’t leave the host they were generated on. »