
Here is my implementation.

# One Linode per count index; the StackScript below receives the host name
# and the contact e-mail as user-defined fields (UDFs).
resource "linode_instance" "server" {
  count  = 1
  label  = "server-${count.index}"
  region = "ap-west"
  image  = "linode/ubuntu21.10"
  type   = "g6-nanode-1"
  tags   = ["prod"]
  root_pass      = var.linode_instance_root_password
  stackscript_id = linode_stackscript.nodejs_script.id
  stackscript_data = {
    "dns"   = "server-${count.index}"
    "email" = var.ssl_certificate_email
  }
}

# One A record per instance; the reference to linode_instance.server makes
# Terraform create the record only after the instance (and its IP) exist.
resource "cloudflare_record" "server" {
  zone_id = var.cloudflare_zone_id
  name    = "server-${count.index}"
  count   = length(linode_instance.server)
  value   = linode_instance.server[count.index].ip_address
  ttl     = 1
  type    = "A"
}

I can create the certificate.pem and private key.pem files with certbot in the Linode script; however, since I create the DNS resource after the Linode instance is created, it's not possible to do that. What are the best practices for this?

Note: I've also tried to create a wildcard certificate (as explained here), but I'm not sure how I can copy the certificate files to my servers.

Update

sudo apt-get --assume-yes install certbot
# <UDF name="dns" label="System Package to Install" example="server" default="">
sudo certbot certonly --standalone --non-interactive --agree-tos -m ...@mail.com -d $DNS
BySpecops.
  • And what would happen if you were to try creating certificates? Would the code fail? – Marko E Mar 14 '22 at 19:52
  • I'm not sure how I can create the certificates. Normally, I was using `certbot` and installing directly on the instance. But here, since the domain record is not created yet, I'm not sure how it will work. Here are some details about the problem I've asked: https://serverfault.com/questions/1096137/how-to-lets-encrypt-wildcard-ssl-certificate-on-multiple-servers There's also an option to pass the data with a StackScript: https://registry.terraform.io/providers/linode/linode/latest/docs/resources/stackscript Nothing has worked yet. – BySpecops. Mar 14 '22 at 19:59
  • @MarkoE I've updated the question and included the StackScript and the stackscript_data under the linode_instance. – BySpecops. Mar 14 '22 at 20:03
  • Does an instance get created when you set `count = 0`? – Marko E Mar 14 '22 at 21:41
  • No, actually I make it > 0. I forgot while testing; assume that it is > 0. – BySpecops. Mar 14 '22 at 22:23
  • Ah, I was thinking you need an SSH key. In this case, you might use Terraform output to generate the certificate using the `certbot`. – Marko E Mar 15 '22 at 09:42
  • Do you plan on having more than one server and server DNS record? – Marko E Mar 15 '22 at 09:53
  • Yes, I plan to have multiple servers for different regions as I described here: https://serverfault.com/questions/1096137/how-to-lets-encrypt-wildcard-ssl-certificate-on-multiple-servers – BySpecops. Mar 15 '22 at 11:13
  • Wouldn't the servers have different FQDNs in that case? Copying the certificate over wouldn't work, would it? – Marko E Mar 15 '22 at 11:15
  • I'm not sure, if I use a wildcard certificate, wouldn't it? – BySpecops. Mar 15 '22 at 11:55
  • Ok, and a wildcard record can be created with the current CloudFlare resource from the question? How would the command for the certbot look then? I am asking because I am trying to figure out the answer to this question. :) – Marko E Mar 15 '22 at 12:25
  • Instead of certbot I've followed this: https://itnext.io/lets-encrypt-certs-with-terraform-f870def3ce6d I'm able to create SSL certificates now and put the files in Linode Object Storage. However, I'm still not sure whether it would work correctly if I just download those files in my Linode script (where I install packages on my Ubuntu and start the Node.js Express server). – BySpecops. Mar 15 '22 at 12:36
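The approach the last comment settles on, issuing the certificate from Terraform instead of running certbot on the instance, as an added example that is not code from the question or the comments: the vancluever/acme provider obtains a wildcard certificate through a Cloudflare DNS-01 challenge before any instance exists, so the ordering problem disappears, and a null_resource then copies the files to each server over SSH using the same root password the question's config already sets. Assumed and not from the page: var.domain (e.g. example.com), var.cloudflare_api_token, and the acme, tls and null providers being declared in required_providers.

```hcl
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}

resource "tls_private_key" "account" {
  algorithm = "RSA"
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.account.private_key_pem
  email_address   = var.ssl_certificate_email
}

# DNS-01: the provider publishes the _acme-challenge TXT record through the
# Cloudflare API, so no instance needs to answer HTTP before it exists.
resource "acme_certificate" "wildcard" {
  account_key_pem = acme_registration.reg.account_key_pem
  common_name     = "*.${var.domain}" # var.domain is assumed, e.g. example.com
  dns_challenge {
    provider = "cloudflare"
    config   = { CF_DNS_API_TOKEN = var.cloudflare_api_token } # assumed variable
  }
}

# Push the issued files to every instance once it answers SSH. The key also
# lives in Terraform state, so the state backend must be treated as secret.
resource "null_resource" "install_cert" {
  count = length(linode_instance.server)
  triggers = {
    instance = linode_instance.server[count.index].id
    cert     = acme_certificate.wildcard.certificate_pem # re-run on renewal
  }
  connection {
    type     = "ssh"
    host     = linode_instance.server[count.index].ip_address
    user     = "root"
    password = var.linode_instance_root_password
  }
  provisioner "file" {
    content     = "${acme_certificate.wildcard.certificate_pem}${acme_certificate.wildcard.issuer_pem}"
    destination = "/etc/ssl/certs/fullchain.pem"
  }
  provisioner "file" {
    content     = acme_certificate.wildcard.private_key_pem
    destination = "/etc/ssl/private/privkey.pem"
  }
  provisioner "remote-exec" {
    inline = ["chmod 600 /etc/ssl/private/privkey.pem"]
  }
}
```

Because the certificate is a wildcard for the zone, the same files are valid on every server-N host, which is what the comment thread was asking about; the StackScript then only needs to point the Express server at the two paths instead of running certbot.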

0 Answers