SSL Certificates Using ACME

This role helps manage SSL certificates for specified hosts using the ACME protocol.

By default, we use Pebble (https://github.com/letsencrypt/pebble), but it can work with any other ACME-compatible server if set up correctly.

Requirements

Before using this role, you need the following Ansible collections:

• community.general
• community.crypto

On the Ansible Control Host, you need:

• Access to a DNS authoritative server for the domain where you want certificates. This is required if you use the DNS-01 method (my personal recommendation, this is the best choice!) OR
• Access to the web server for the website you want a certificate for.
• HTTPS access to the ACME server's API.

This role will request the certificates from the Ansible Control Host and then distribute them, enabling the use of the same certificate on multiple systems (like on a reverse proxy for webmail and the mail server).

How to Use

After meeting the requirements, follow these steps to use this role:

• Install the role (from Galaxy or directly from GitHub).
• Copy the default settings file to your inventory (or wherever you keep them) and fill in the necessary information.
• Add the role to your main playbook.
• Run Ansible.
• ???
• Profit!

Once this role finishes, it will place all requested certificates on the servers where you want them.

Note: This role does not change any software configuration to use these certificates! It will create a group on your system called 'ssl-cert' with permissions to access the certificate files.