Giter VIP home page Giter VIP logo

ansible-role-acmetool's Introduction

ansible-role-acmetool

Install, configure and run acmetool to generate Let's Encrypt TLS certificates.

acmetool will be configured to use its redirector mode. It will listen on port 80 and redirect (HTTP 308) anything that is not a challenge request.

See acme on GitHub for details.

Requirements

  • become: true is required as most actions need to be run as root, the rest is run under acme which will be created by the role.

  • You need to open port 80/TCP for acmetool to serve challenges.

  • As the redirector mode is used by default, no HTTP server is required to run. You can install whatever server you want to run after running this role so it can use the generated certificates.

  • Chose your provider and set its API endpoint in acmetool_server, see below.

  • The cron package is required for automatic renewal.

Role Variables

Required

# Address used to register domains with LetsEncrypt.
acmetool_email: "[email protected]"
# space-separated list of domains to register.
acmetool_domains: "www.example.com example.com"

Other

# CA server. This defaults to the acme-staging server for testing purposes.
# You will need to change this to the production server :
# https://acme-v01.api.letsencrypt.org/directory
acmetool_server: "https://acme.example.com/directory"

# Change this to RSA if your server does not support EC keys (eg. murmur).
acmetool_key_type: "ecdsa"

# If you don't trust acmetool to run hooks as root (sudo), set this to false.
acmetool_enable_hooks: false

See the defaults for the complete list.

Example Playbook

- hosts: all
  roles:
    - { role: "L-P.acmetool", become: true }

Because on Debian services are automatically enabled and started with their default configuration when installed, nginx will fail to install and leave dpkg in a semi-broken state.
To avoid this you can run the following play between the installation of acmetool and nginx. It will only run if nginx is not yet configured.

- hosts: all
    become: true
    tasks:
    - name: Stop acmetool
      tags: "nginx"
      command: "service acmetool stop"
      args:
        creates: "/etc/nginx/nginx.conf"

You can adapt this for any other service that fails the same way.

License

MIT

ansible-role-acmetool's People

Contributors

l-p avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.