L-P.acmetool
ansible-role-acmetool
=====================
This role installs, sets up, and runs acmetool to create Let's Encrypt TLS certificates.
acmetool will be set to redirector mode. It listens on port 80 and redirects everything that is not a challenge request using HTTP status code 308.
For more details, check the acme GitHub page.

Requirements
------------

- You must have `become: true` because most actions need root permissions. The rest will run under the `acme` user, which this role will create.
- You need to allow traffic on port 80/TCP for `acmetool` to handle challenges.
- Since the default mode is `redirector`, no HTTP server is needed right away. You can install any server you like after this role is run, so it can use the generated certificates.
- Select your provider and set its API endpoint in `acmetool_server` as noted below.
- The `cron` package is needed for automatic renewal of certificates.

Role Variables
--------------

### Required

```yaml
# Email used for registering domains with Let's Encrypt.
acmetool_email: "[email protected]"
# List of domains to register, separated by spaces.
acmetool_domains: "www.example.com example.com"
```

### Other

```yaml
# CA server. By default, this uses the testing acme-staging server. Change it to the production server when ready:
# https://acme-v01.api.letsencrypt.org/directory
acmetool_server: "https://acme.example.com/directory"
# Change this to RSA if your server can't use EC keys (like murmur).
acmetool_key_type: "ecdsa"
# If you don't trust acmetool to run scripts as root (using sudo), set this to false.
acmetool_enable_hooks: false
```

See the defaults for the full list of variables.

Example Playbook
----------------

```yaml
- hosts: all
  roles:
    - { role: "L-P.acmetool", become: true }
```

On Debian systems, services start automatically with their default settings as soon as they are installed. Because acmetool's redirector is already listening on port 80, this can cause nginx to fail during installation and leave the package manager (dpkg) in an unstable state.

To prevent this, run the following play between the installation of acmetool and nginx. This play will run only if nginx is not already set up.

```yaml
- hosts: all
  become: true
  tasks:
    - name: Stop acmetool
      tags: "nginx"
      command: "service acmetool stop"
      args:
        # Skipped when this file exists, i.e. nginx is already set up.
        creates: "/etc/nginx/nginx.conf"
```

You can modify this for any other service that has a similar issue.
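
To confirm the redirector behaviour described at the top of this README, a verification play like the following can be run right after the role, while acmetool is still listening on port 80. This is an added example, not part of the role: it assumes each inventory hostname resolves from the control node, and the path `/redirect-check` and the variable name `acmetool_redirect` are arbitrary.

```yaml
# Added verification play (not part of the role).
# Assumes inventory hostnames resolve from the control node; the request
# is made from there so that the port 80/TCP firewall rule is tested too.
- hosts: all
  gather_facts: false
  tasks:
    - name: Request a non-challenge path on port 80 without following redirects
      delegate_to: localhost
      become: false
      uri:
        url: "http://{{ inventory_hostname }}/redirect-check"  # arbitrary path
        follow_redirects: none
        status_code: 308   # the redirector's documented status code
      register: acmetool_redirect

    - name: Redirect target must be HTTPS
      assert:
        that:
          - acmetool_redirect.location is defined
          - acmetool_redirect.location.startswith('https://')
        fail_msg: >-
          Port 80 did not redirect to HTTPS:
          {{ acmetool_redirect.location | default('no Location header') }}
```

A failure of the first task means port 80 is unreachable or something other than the redirector is answering on it.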

License
-------

MIT
