Ansible role to fetch and publish Let's Encrypt certificates.
Building and improving this Ansible role have been sponsored by my current and previous employers like Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
- letsencrypt_account_email
- letsencrypt_account_key
- letsencrypt_cert_city
- letsencrypt_cert_country
- letsencrypt_cert_organization
- letsencrypt_cert_paths
- letsencrypt_cert_province
- letsencrypt_certificates
- letsencrypt_challenge_mapping
- letsencrypt_cluster_enabled
- letsencrypt_cluster_nodes
- letsencrypt_extra_certs
- letsencrypt_nsupdate_algorithm
- letsencrypt_nsupdate_name
- letsencrypt_nsupdate_secret
- letsencrypt_nsupdate_server
- letsencrypt_production_armed
- letsencrypt_reload_services
- letsencrypt_request_output
- letsencrypt_restart_services
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version:
2.10
Email address used for Let's Encrypt
letsencrypt_account_email: hostmaster@localhostPath to Let's Encrypt account key
letsencrypt_account_key: account.keyCity used for the SSL configuration
letsencrypt_cert_city: NurembergCountry used for the SSL configuration
letsencrypt_cert_country: DEOrganization used for the SSL configuration
letsencrypt_cert_organization: DevOps TeamPaths to store the certificates
letsencrypt_cert_paths:
- /etc/ssl/letsencryptletsencrypt_cert_paths:
- /etc/haproxy/ssl
- path: /etc/caddy
owner: caddy
group: caddy
mode: u=rwx,g=x,o=xProvince used for the SSL configuration
letsencrypt_cert_province: BavariaList of certificate definitions
letsencrypt_certificates: []letsencrypt_certificates:
- name: foobar
challenge: nsupdate
common_name: foobar.com
alternate_names:
- '*.foobar.com'
- name: example
challenge: http
common_name: example.com
alternate_names:
- sub1.example.com
- sub2.example.com
- sub3.example.comMapping of challenge types
letsencrypt_challenge_mapping:
http: http-01
nsupdate: dns-01Enable clustered mode
letsencrypt_cluster_enabled: falseList of nodes part of the cluster
letsencrypt_cluster_nodes: []letsencrypt_cluster_nodes:
- node01
- node02
- node03Additional certificates to add
letsencrypt_extra_certs: []letsencrypt_extra_certs:
- foobar.pem
- name: general.pem
owner: root
group: haproxy
mode: u=rwx,g=x,o=xTSIG algorithm for nsupdate DNS challenges
letsencrypt_nsupdate_algorithm: hmac-sha512TSIG name for nsupdate DNS challenges
letsencrypt_nsupdate_name:TSIG secret for nsupdate DNS challenges
letsencrypt_nsupdate_secret:Server used for nsupdate DNS challenges
letsencrypt_nsupdate_server:Enable production authority
letsencrypt_production_armed: falseList of services to reload
letsencrypt_reload_services: []letsencrypt_reload_services:
- haproxy
- apachePrint cert information after request
letsencrypt_request_output: trueList of services to restart
letsencrypt_restart_services: []letsencrypt_restart_services:
- traefikletsencrypt
skip_ansible_later
Apache-2.0