hxpro.letsencrypt

Manage Let's Encrypt challenges on a single-node or multi-node infrastructure. (This role is under development; do not use it in a production environment.)

Let's Encrypt submits all certificates to Certificate Transparency logs. You can check your domain at: https://crt.sh/?CN=hxpro.cz

Requirements

Properly set DNS for all your web nodes

Role Variables

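# Let's Encrypt staging endpoint: issues test certificates that are not publicly trusted.
# Override with the production directory URL (see Example Playbook) for real certificates.
le_server: 'https://acme-staging-v02.api.letsencrypt.org/directory'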
le_cert_home: '/etc/pki/tls/certs/'
le_account_key: '/etc/pki/tls/private/le_account.key'
le_account_email: 'webmaster@example.com'
le_shared_key: '/etc/pki/tls/private/le_shared.key'
le_csr_home: '/etc/pki/tls/csr/'
le_payload_root: '/var/www/html/le/'
le_domains:
  - name: 'example.com'
    alt:
      - 'www.example.com'
      - 'web.example.com'
      - 'mail.example.com'
  - name: 'example.net'
    alt:
      - 'www.example.net'
le_dhparam: '/etc/pki/tls/private/dhparam.pem'
le_remaining_days: 21
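
Because every certificate issued for these names ends up in Certificate Transparency logs, the le_domains list doubles as an allow-list for auditing them. The following is an added example, not part of this role: it compares crt.sh-style JSON entries against le_domains and flags names or issuers the role would not have requested. The sample entries are constructed, and the function names and the issuer_marker parameter are assumptions of this example.

```python
import json

# Mirrors the role's le_domains variable (values taken from the README above).
LE_DOMAINS = [
    {"name": "example.com",
     "alt": ["www.example.com", "web.example.com", "mail.example.com"]},
    {"name": "example.net", "alt": ["www.example.net"]},
]

# Constructed sample in the shape of crt.sh JSON output (?output=json).
# Ids, issuers and names are made up for illustration.
SAMPLE_CT_JSON = """[
 {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "example.com\\nwww.example.com"},
 {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "vpn.example.com"},
 {"id": 3, "issuer_name": "C=XX, O=Other CA, CN=Other CA 1",
  "name_value": "example.net\\nwww.example.net"}
]"""


def expected_names(le_domains):
    """Flatten le_domains into the set of names the role may request."""
    names = set()
    for domain in le_domains:
        names.add(domain["name"].lower())
        names.update(alt.lower() for alt in domain.get("alt", []))
    return names


def audit_ct_entries(entries, le_domains, issuer_marker="Let's Encrypt"):
    """Return (id, reason) findings for CT entries the role would not produce."""
    allowed = expected_names(le_domains)
    findings = []
    for entry in entries:
        # crt.sh puts one name per line in name_value
        sans = {n.strip().lower()
                for n in entry["name_value"].splitlines() if n.strip()}
        extra = sorted(sans - allowed)
        if extra:
            findings.append((entry["id"], "unexpected names: " + ", ".join(extra)))
        if issuer_marker not in entry["issuer_name"]:
            findings.append((entry["id"], "unexpected issuer: " + entry["issuer_name"]))
    return findings


if __name__ == "__main__":
    for cert_id, reason in audit_ct_entries(json.loads(SAMPLE_CT_JSON), LE_DOMAINS):
        print(f"crt.sh id {cert_id}: {reason}")
```

A finding is a prompt to investigate, not proof of mis-issuance: certificates requested outside this role (another host, another CA) will also show up here.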

Dependencies

  • hxpro.nginx

Example Playbook

- hosts: webservers
  roles:
    - role: hxpro.letsencrypt
      le_server: 'https://acme-v02.api.letsencrypt.org/directory'
      le_account_email: 'webmaster@example.com'

License

WTFPL

Author Information

Matěj Koudelka <matej@hxpro.cz>