support for community.crypto.acme_certificate_module?
baradhili opened this issue · 1 comments
- [X ] I've read the guidelines for Contributing to Roots Projects
- [X ] This request isn't a duplicate of an existing request
- [X ] This is not a personal support request that should be posted on the Roots Discourse community
Summary
Letsencrypt is fragile as it is and seems to depend on variables set in other modules as well. Ansible has a module builtin now that duplicates its function and is actively supported - it seems sensible to move to this
Motivation
Letsencrypt is a custom role in Trellis. Its fragile and tends to break when you are modifying things beyond default.
Ansible has a module builtin now that supports Letsencrypt and Buypass that is supported.
Switching to this module https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html. Will reduce support load and improve stability
Additional context
Add any other context or screenshots about the feature request here.
I've looked into different options a few times. Not only Ansible's built-in module but some other libraries that are more featured and switching has never been that easy. Just generating a cert from LE isn't the hard part, but all the other integration into Trellis' roles/playbooks.
I'm happy to support someone trying this, but I doubt I'm going to actively work on it myself. Yes there's been a few minor issues with our custom role over the years, but it's been pretty stable and reliable for the most part.