~nromdotcom/gemif

ref: 0ff198c9226ce4f63f11d9b3a2287730003c1748 gemif/infra/tls.tf -rw-r--r-- 671 bytes
0ff198c9Norm MacLennan Update systemd unit file to always restart 1 year, 1 month ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
provider "tls" {}
provider "acme" {
  # Since actual CA signing doesn't matter, let's just stick with LE staging
  # for now.
  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

resource "tls_private_key" "gemif" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

resource "acme_registration" "le_reg" {
  account_key_pem = tls_private_key.gemif.private_key_pem
  email_address   = "norm@fedi.farm"
}

resource "acme_certificate" "cert" {
  account_key_pem = acme_registration.le_reg.account_key_pem
  key_type        = "P384"

  common_name        = "gemif.fedi.farm"
  min_days_remaining = "14"

  dns_challenge {
    provider = "route53"
  }
}