vancluever / terraform-provider-acme-old

ACME (Let's Encrypt) Support for Terraform

provider.acme.server_url change not forcing a new resource #56

Closed apetresc closed 6 years ago

apetresc commented 6 years ago

I migrated over to terraform-provider-acme v1.0.0 just now, with the new protocol. Obviously, I tested with provider.acme.server_url = "https://acme-staging-v02.api.letsencrypt.org/directory" while I made sure everything worked (it did - awesome job!).

But then, when I wanted to get a prod certificate, I switched to provider.acme.server_url = "https://acme-v02.api.letsencrypt.org/directory" and ran terraform plan, and it detected no changes. Obviously I was expecting it to re-issue a certificate against the new server_url, even though the existing staging one is "valid".

I know I can force a new resource, but this seems like a bug worth reporting. Thanks again for this excellent resource!

vancluever commented 6 years ago

Hey @apetresc, thanks for the report and the kind words! Very much appreciated 🙂

The issue is that acme_certificate does not refresh the certificate right now against the CA because there is no way to do it in lego. So there's no easy way for us to query for the certificate and force a new resource if it 404s, at this time.

If this ever becomes available in lego, I'd love to see what work would be necessary in making this happen, but we can't really do anything here until it is. Of course, everything can be added, but as mentioned in #55, my time these days is pretty limited, so I can't really guarantee an ETA and I don't necessarily want things sitting in the issue backlog at this time.

When the provider is upstreamed (possibly as early as 2 or so weeks), we might have some more help in making this happen.

Thanks again!