Open c33s opened 2 years ago
Any update on this? I'm stuck on this aswell
Unfortunately, this is currently not supported. In order to recover from this situation, run the following on both the Puppetserver and the affected Node: https://github.com/markt-de/puppet-acme#rebuilding-nodes
In order to support changing CA for existing certs, it would be necessary to add this information to the name of every file that is used by acme.sh:
(I consider this a bug, because it is an unexpected result. However, the module was not designed for this in the first place, so in reality this is a somewhat complicated feature request.)
i would have opened a discussion if they where enabled in this git repo. i am not sure if i simply do something wrong or if i found a bug.
for the development i created the certificates with the ca
letsencrypt_test
. this worked quite well, just needed some puppet runs and the certificate was correctly there. after that i switched to the caletsencrypt
but the certificates where still from the test ca. i wasn't able to force a regeneration of the cert. so i tried to delete the complete acme folder from the client but after the puppet run the i got wrong certs again. also tried to delete the folder on server and client which led me to an unusable system (not exactly in this order, i played around a bit) as "suddenly" the private key doesn't match the cert any more.am i doing something wrong? should this module be able to switch ca's? how can i start-over? how to force regeneration?