Add a renew subcommand to puppet ssl

[jay7x]

TODO:

• Add unit test
• Test it in reality

[ekohl]

I like the idea. Thoughts:

• Should it be just puppet ssl renew?
• Should it look at the expiration date and only renew if it's at X% towards its expiration?
• If the above is implemented, should it have a --force option to force a renewal?

[jay7x]

• Should it be just puppet ssl renew?

That was my original idea.. But then I decided to follow what we already have (download_cert e.g.). I'm fine to rename back.

• Should it look at the expiration date and only renew if it's at X% towards its expiration?

Ideally, yes.

• If the above is implemented, should it have a --force option to force a renewal?

There should be one more option then. It should be possible to say "please renew the certificate if it'll expire in this amount of days". Not sure how to call that.. --if-expiring-in-days? --expiry-days?

I'm not sure if having a "please renew the certificate if it's about X% expired" option is really useful. Usually people think in days.. This option exists in vaultbot IIRC, but I never used it. Any opinions?