Currently, CSRs are generated on the client and then shipped to the puppetmaster to request the cert. This takes many Puppet runs: 2 on the client for the initial CSR, 2 on the puppetmaster for the request and signing, and at least one on the client to collect the certs.
Further, if a CSR is requested for the same domain from multiple nodes, it will generate a duplicate resource and any further Puppet runs will crash:
https://github.com/bzed/bzed-letsencrypt/issues/26
Look to refactor how a CSR is generated and certs are requested and deployed, to reduce the number of steps and allow certs to be requested/deployed from multiple nodes.