An ansible role to issue acme certificates with dns challenge verification using cloudflare's name service
The most common user overridable parameters for the role are
required | variable | description | default |
---|---|---|---|
yes | acme_certificate_domain | the fqdn to generate an acme certificate for | ansible_fqdn |
yes | acme_certificate_email | the mail used to generate the acme certificate | undefined |
yes | acme_certificate_cf_account_email | cloudflare api user email | lookup('env', 'CF_ACCOUNT_EMAIL') |
yes | acme_certificate_cf_account_token | cloudflare api user token | lookup('env', 'CF_ACCOUNT_TOKEN') |
no | acme_certificate_group_members | members to add to the owner group for certificate files | [] |
no | acme_certificate_add_ca | add acme ca to the | false |
no | acme_certificate_caurl | url to ca certificate | https://letsencrypt.org/certs/isrgrootx1.pem.txt |
no | acme_certificate_directory | url to ca directory | https://acme-v01.api.letsencrypt.org/directory |
no | acme_certificate_cafile (*) | define to create symlink to issuing ca cert file | _undefined |
no | acme_certificate_intcafile (*) | define to create symlink to issuing intermediate ca cert file | undefined |
no | acme_certificate_certfile (*) | define to create symlink to cert file | undefined |
no | acme_certificate_chainfile (*) | define to create symlink to certificate chain file | undefined |
no | acme_certificate_keyfile (*) | define to create symlink to certificate key file | undefined |
You can view an example redefinition of some of the above parameters, most notably the ones concerning certificate ca in the CI test configuration file
(*) useful for backwards compatibility with existing nginx/apache configurations
Please refer to the defaults file for an up to date list of input parameters.
See the https://raw.githubusercontent.com/nephelaiio/ansible-role-requirements/master/requirements.txt and meta.yml files for more details
- hosts: servers
vars:
acme_certificate_email: ci@nephelai.io
acme_certificate_domain: "{{ ansible_fqdn }}"
acme_certificate_cf_account_email: ci@nephelai.io
acme_certificate_cf_account_token: xxxxxxxxxx
roles:
- role: nephelaiio.acme-certificate-cloudflare
## Testing
Please make sure your environment has [docker](https://www.docker.com) installed in order to run role validation tests. Additional python dependencies are listed in the [requirements file](/requirements.txt)
Role is tested against the following distributions (docker images):
* Ubuntu Focal
* Ubuntu Bionic
* Debian Buster
* CentOS 7
You can test the role directly from sources using command ` molecule test `
## License
This project is licensed under the terms of the [MIT License](/LICENSE)