bendews.letsencrypt-cloudflare

LetsEncrypt-Cloudflare

This role makes it easier to renew LetsEncrypt Certificates when using Cloudflare for DNS management.

Requirements

  • Python version 2.6 or higher
  • OpenSSL (will be installed automatically if compatible)

Role Variables

Here are the variables you can use, along with their default values (check defaults/main.yml for more variables you can adjust).

Required Fields:

  • letsencrypt_email: Your email for LetsEncrypt
  • cloudflare_email: Your email for Cloudflare
  • cloudflare_api_key: Your Cloudflare 'Global' API key
  • cloudflare_domain: The domain managed by Cloudflare

Important Notes:

By default, the role uses the inventory hostname as the Common Name for the certificate request. The generated certificate files will be stored in /etc/ssl/[Certificate Common Name], and all LetsEncrypt account files will go in /etc/ssl/lets_encrypt. You can change these paths (see defaults/main.yml).

You can also copy and rename the certificate files to a different location after they are created by adjusting these variables:

  • copy_csr_full_path: Path for the CSR file
  • copy_crt_full_path: Path for the CRT file
  • copy_key_full_path: Path for the private key
  • copy_intermediate_full_path: Path for the intermediate file (requires include_intermediate to be 'yes')
  • copy_fullchain_full_path: Path for the full chain file (requires include_intermediate to be 'yes')

By default, the role uses the "staging" LetsEncrypt servers, which create working but untrusted certificates. To create valid certificates, set:

  • letsencrypt_production: yes

You can remove generated files after using them by setting this variable:

  • cleanup_all: yes

Example Playbook

- hosts: servers
  tasks:
    - name: Renew or download new SSL certificates
      include_role:
        name: letsencrypt-cloudflare
      vars:
        letsencrypt_email: "you@example.com"
        cloudflare_email: "you@example.com"
        cloudflare_domain: "abc.com"
        cloudflare_api_key: "AAABBBCCCDDDEEE111222333"
        letsencrypt_production: yes
        include_intermediate: yes
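
The Cloudflare 'Global' API key gives access to the whole Cloudflare account, so it should not sit in a playbook in plain text. The variant below is an added example, not part of the role's own documentation: it reads the key from an Ansible Vault file and tightens permissions on the copied private key. The file name vars/cloudflare_vault.yml, the variable vault_cloudflare_api_key, the /etc/nginx/tls paths and the use of become are assumptions.

```yaml
# Added example (not from the role's README).
# Assumed names: vars/cloudflare_vault.yml, vault_cloudflare_api_key,
# and the /etc/nginx/tls/ directory, which is assumed to exist already.
#
# Create the encrypted vars file once:
#   ansible-vault create vars/cloudflare_vault.yml
# and put a single line in it:
#   vault_cloudflare_api_key: "<your Cloudflare Global API key>"
- hosts: servers
  become: yes                      # assumption: writing under /etc/ssl needs root
  vars_files:
    - vars/cloudflare_vault.yml    # encrypted at rest, safe to commit
  tasks:
    - name: Renew or download new SSL certificates
      include_role:
        # Role name as used in the playbook above; a Galaxy install names it
        # bendews.letsencrypt-cloudflare.
        name: letsencrypt-cloudflare
      vars:
        letsencrypt_email: "you@example.com"
        cloudflare_email: "you@example.com"
        cloudflare_domain: "example.com"
        cloudflare_api_key: "{{ vault_cloudflare_api_key }}"
        # Leave letsencrypt_production unset for a first run against staging,
        # then enable it once the DNS challenge is known to work.
        letsencrypt_production: yes
        include_intermediate: yes
        copy_key_full_path: /etc/nginx/tls/site.key
        copy_fullchain_full_path: /etc/nginx/tls/site.fullchain.pem

    - name: Restrict the copied private key to root
      file:
        path: /etc/nginx/tls/site.key
        owner: root
        group: root
        mode: "0600"
```

Run the playbook with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so Ansible can decrypt the key at run time.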

TODO:

  • Add support for multiple Common Names (CNs)

License

MIT

Author Information

Created in 2017 by Ben Dews

About the Project

LetsEncrypt renewal using Cloudflare DNS

Install

ansible-galaxy install bendews.letsencrypt-cloudflare