
ansible-certbot

Deploys certbot, obtains a certificate for the names in `certbot_fqdn` (via the webserver or a DNS challenge) and enables automatic renewal.

Role Variables

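---
# certbot settings
certbot_dns_challenge: false        # false: validate through the webserver (webroot or --standalone); true: DNS challenge via certbot_dns_provider
certbot_dns_provider: "designate"   # provider name; list at https://go-acme.github.io/lego/dns/ (lego naming — confirm the role's backend accepts it)
# Environment variables handed to the DNS provider for authentication.
# These are credentials: keep every secret value in Ansible Vault (as the
# vault_* references below do), never in plaintext in the inventory.
# Scope the application credential to the minimum role needed to manage
# records in the challenge zone — it only has to write TXT records.
dns_provider_auth_env_variables:
  OS_AUTH_URL: "https://openstack.example.org"
  OS_REGION_NAME: "RegionOne"
  OS_AUTH_TYPE: "v3applicationcredential"   # standard OpenStack variable is OS_AUTH_TYPE (was misspelled OS_AUTH_TYP, which clients ignore); application credential instead of a password
  OS_APPLICATION_CREDENTIAL_ID: "{{ vault_os_application_credential_id }}"
  OS_APPLICATION_CREDENTIAL_SECRET: "{{ vault_os_application_credential_secret }}"


certbot_fqdn:                        # names to include in the certificate
  - example.de
certbot_admin_email: "admin@example.de"   # ACME account contact (expiry notices go here)
# certbot_webroot: "/var/www/example"     # if undefined use --standalone (certbot binds port 80 itself)

# application settings
# certbot_application: "example"          # if defined copy certs to application dir and setup deploy hooks
certbot_application_dir: "/etc/{{ certbot_application }}"
certbot_application_deploy_hook: |
  #!/bin/sh
  # Runs after a successful renewal: copy the new chain and key into the
  # application directory and restart the service so it picks them up.
  # Abort on the first error so the service is never restarted against a
  # half-copied or missing certificate.
  set -eu

  # install(1) sets the destination mode explicitly. Plain cp would keep the
  # mode of an already existing destination file, which could leave the
  # private key readable by other users. Files stay owned by root; if the
  # service runs unprivileged, add -o/-g (or a chown) so it can read privkey.pem.
  install -m 0644 {{ certbot_live_dir }}/fullchain.pem {{ certbot_application_dir }}/fullchain.pem
  install -m 0600 {{ certbot_live_dir }}/privkey.pem {{ certbot_application_dir }}/privkey.pem

  systemctl restart {{ certbot_application }}.service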

Example Playbook

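---
# requirements.yaml
# `version: main` tracks a moving branch: every `ansible-galaxy install`
# pulls whatever main points to at that moment, so a single push to the
# role repository changes what gets deployed everywhere. Pin a release tag
# or a full commit SHA for reproducible, reviewable installs.
roles:
  - name: hdacloud.certbot
    src: git+https://code.fbi.h-da.de/hdacloud/ansible_certbot
    version: main

---
# playbook.yaml (separate file; shown here as a second YAML document)
# Installing certbot, writing under /etc and restarting units need root —
# add `become: true` unless the connection user is already root (confirm
# against the role's tasks).
- hosts: all
  roles:
    - hdacloud.certbot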

License

See LICENSE