~nromdotcom/gemif

ref: a458f93891ec4c1f10a9f4ca83b38ab51590a001 gemif/infra/tls.tf -rw-r--r-- 709 bytes
a458f938Norm MacLennan Variableize Terraform 1 year, 1 month ago
                                                                                
# The tls provider takes no configuration; it is declared so that
# tls_private_key below can generate key material.
provider "tls" {}
provider "acme" {
  # Since actual CA signing doesn't matter, let's just stick with LE staging
  # for now.
  # NOTE(review): the staging directory issues from a test hierarchy that is
  # not in public trust stores, so any client that validates the chain will
  # reject this certificate. That is only acceptable while clients rely on
  # pinning / trust-on-first-use rather than CA validation -- confirm, and
  # point server_url at the production directory before that assumption
  # stops holding.
  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

# ECDSA P-384 key used as the ACME account key (see acme_registration.le_reg);
# it is not the key pair of the issued certificate.
# Security: the tls provider keeps the generated private key unencrypted in
# Terraform state. The state backend therefore needs access control and
# encryption at rest, and state files must stay out of version control.
resource "tls_private_key" "gemif" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

# Registers an ACME account with the directory configured on the acme
# provider, authenticated by the private key from tls_private_key.gemif.
# var.le_email_address is the contact address attached to that account.
resource "acme_registration" "le_reg" {
  account_key_pem = tls_private_key.gemif.private_key_pem
  email_address   = var.le_email_address
}

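# Requests the service certificate through a DNS-01 challenge on Route 53.
# No certificate_request_pem is supplied, so the acme provider generates the
# certificate key itself (P-384, per key_type) and stores it in Terraform
# state next to the issued certificate -- the state is secret material.
resource "acme_certificate" "cert" {
  account_key_pem = acme_registration.le_reg.account_key_pem
  key_type        = "P384"

  # NOTE(review): the two variables are joined with no separator, so one of
  # them presumably carries the "." -- confirm against the variable
  # definitions, otherwise the certificate is requested for the wrong name.
  #
  # Renewal only happens when Terraform runs: an apply made with fewer than
  # 14 days of validity left reissues the certificate. Applies must be
  # scheduled more often than that window or the certificate will expire.
  common_name        = "${var.gemif_subdomain_name}${var.gemif_zone_name}"
  min_days_remaining = 14

  dns_challenge {
    # No inline config: credentials are presumably taken from the environment
    # Terraform runs in -- confirm. That identity only needs to manage the
    # challenge TXT record in this hosted zone; scope its policy to that.
    provider = "route53"
  }
}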