ansible-certbot
Deploy certbot and enable auto-renew.
Role Variables
---
# certbot settings
certbot_dns_challenge: false # default use webserver, true to obtain certificate using dns challenge
certbot_dns_provider: "designate" # list of available providers https://go-acme.github.io/lego/dns/
dns_provider_auth_env_variables: # variables required to authenticate dns provider
OS_AUTH_URL: "https://openstack.example.org"
OS_REGION_NAME: "RegionOne"
OS_AUTH_TYP: "v3applicationcredential" # default is to use application credential rather than password
OS_APPLICATION_CREDENTIAL_ID: "{{ vault_os_application_credential_id }}"
OS_APPLICATION_CREDENTIAL_SECRET: "{{ vault_os_application_credential_secret }}"
certbot_fqdn:
- example.de
certbot_admin_email: "admin@example.de"
# certbot_webroot: "/var/www/example" # if undefined use --standalone
# application settings
# certbot_application: "example" # if defined copy certs to application dir and setup deploy hooks
certbot_application_dir: "/etc/{{ certbot_application }}"
certbot_application_deploy_hook: |
#!/bin/sh
cp {{ certbot_live_dir }}/fullchain.pem {{ certbot_application_dir }}
cp {{ certbot_live_dir }}/privkey.pem {{ certbot_application_dir }}
systemctl restart {{ certbot_application }}.service
Example Playbook
# requirements.yaml
roles:
- name: hdacloud.certbot
src: git+https://code.fbi.h-da.de/hdacloud/ansible_certbot
version: main
- hosts: all
roles:
- hdacloud.certbot
License
See LICENSE