Adding domains to existing certificate leads to duplicate certs/renewal configs with pattern <cert>-0001,2 etc #243

@grant-veepshosting

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 7.5.0 but likely all current supported, e.g. 6x
  • Ruby: 2.7.2
  • Distribution: Ubuntu Focal
  • Module version: 6.0.0 from Forge

How to reproduce (e.g. Puppet code you use)

Step 1: Issue certificate successfully
Step 2: Add additional domains to the array

What are you seeing

At renewal time, the config file in the '/etc/letsencrypt/renewal/' dir is duplicated with pattern "-0001.conf", "-002.conf" etc.
This creates duplicate certificates with the same naming convention with components in various paths such as csr/ keys/ live/ and archive/ under the base /etc/letsencrypt.

What behaviour did you expect instead

The certificate with the same base name (no additional numbers on the end) replaces the old certificate when everything passes validation.

Output log

Redacted logfile available upon request (can't attach directly, too long to copy/paste).
Puppet reports "A OK", no errors.

Any additional information you'd like to impart

Some evidence suggests that if there's more than one certificate per server, the above bug can affect all certificates on the server in the same way even if they haven't had additional domains added to trigger the bug.
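
A check for the symptom reported above, added here as an example and not part of the original issue or of the module's code: it lists renewal configs that carry a numeric suffix next to an un-suffixed config of the same base name. The function names and the sample file names are constructed for illustration; on a real host, pass the renewal directory named in the report as the first argument.

```python
import re
import sys
import tempfile
from pathlib import Path

# Matches "<base>-0001.conf"; \d{3,4} also accepts the "-002" form quoted in the report.
SUFFIXED = re.compile(r"^(?P<base>.+)-(?P<num>\d{3,4})\.conf$")


def find_duplicate_lineages(renewal_dir):
    """Return {base_name: [suffixed config names]} for every base config
    that has numbered siblings in renewal_dir."""
    names = {p.name for p in Path(renewal_dir).glob("*.conf")}
    duplicates = {}
    for name in sorted(names):
        m = SUFFIXED.match(name)
        # Only count a suffixed file when the un-suffixed config also exists,
        # so a certificate that merely has a numeric-looking name is not flagged.
        if m and f"{m.group('base')}.conf" in names:
            duplicates.setdefault(m.group("base"), []).append(name)
    return duplicates


def build_sample_dir(root):
    """Constructed sample layout, not taken from the reporter's server."""
    for name in ("example.com.conf", "example.com-0001.conf",
                 "example.com-0002.conf", "other.example.conf",
                 "lonely-0001.conf"):
        (Path(root) / name).write_text("# constructed placeholder\n")
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python3 check.py /etc/letsencrypt/renewal
        found = find_duplicate_lineages(sys.argv[1])
    else:
        # No argument: run against the constructed sample layout.
        with tempfile.TemporaryDirectory() as tmp:
            found = find_duplicate_lineages(build_sample_dir(tmp))
    for base, dups in found.items():
        print(f"{base}: {', '.join(dups)}")
    # Non-zero exit lets a cron job or monitoring check alert on duplicates.
    sys.exit(1 if found else 0)
```

A host that reports duplicates is renewing more certificates than its configuration declares, so the web server may keep serving the older lineage while the newer one is the one being renewed.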
