coopdevs.certbot_nginx

Certbot NGINX

This is a simple Ansible role to install certbot along with the NGINX plugin on Ubuntu 16.04 and Ubuntu 18.04.

What This Role Does:

  1. Adds the certbot PPA repository.
  2. Installs the certbot and python-certbot-nginx packages.
  3. Sets up a cron job for certificate renewal and creates a systemd timer (More info).
  4. Generates a Let's Encrypt SSL certificate for the specified domain_name.

Important Note:

If you already have Nginx installed and a site set up that points to files in /etc/letsencrypt, the certificate creation will not work (example).

It is generally best to run this role before any other role that sets up or configures Nginx.

Role Variables:

domain_name: www.mydomain.io
letsencrypt_email: admin@example.com # placeholder address
certbot_nginx_cert_name: mycert # optional
certbot_version: 0.31.0-1+ubuntu{{ ansible_distribution_version }}.1+certbot+1 # optional
certbot_nginx_version: 0.31.0-1+ubuntu{{ ansible_distribution_version }}.1+certbot+1 # optional

The certbot_nginx_cert_name value will be used as the name for the certificate when you run certbot commands, like certbot delete. You can list your certificates with certbot certificates. This name will also be used in the file paths for the certificate in /etc/letsencrypt/live/.

Example Playbook - Single Certificate:

# Playbook
- hosts: servers
  roles:
    - role: coopdevs.certbot_nginx
      vars:
        domain_name: www.mydomain.io
        letsencrypt_email: admin@example.com # placeholder address

Example Playbook - Multiple Certificates:

This role also supports creating and managing multiple certificates on the same host. You can set the variable domain_names and loop through it in your roles.

# Playbook
- hosts: servers
  roles:
    - role: coopdevs.certbot_nginx
      vars:
        letsencrypt_email: admin@example.com # placeholder address
    - role: certificates
      vars:
        domain_names:
          - community.coopdevs.org
          - forms.coopdevs.org

To create a custom role that includes certbot_nginx and generates the certificates:

# certificates.yml Role
---
- name: Install SSL certificates
  include_role:
    name: vendor/coopdevs.certbot_nginx
    tasks_from: certificate.yml
  with_items: "{{ domain_names }}"
  loop_control:
    loop_var: domain_name

Use loop_control with loop_var to rename the loop variable from the default item to domain_name, which is the variable the role expects. See the loop_control documentation.

Updating Existing Certificates:

If your site's details change after the certificate is created, you can update the domain list. The role compares the certificate's domains with the new list to decide whether the certificate needs to be renewed. To force renewal, set certbot_force_update: true or pass --extra-vars "certbot_force_update=true" on the command line.
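A stand-alone check of the same kind, as an added example that is not the role's own code: it parses `certbot certificates` output and reports which domains differ from the desired list for a given certificate name. The sample output, the function names and the shop.mydomain.io domain are constructed for illustration.

```python
import re

# Constructed sample of `certbot certificates` output (not taken from a real host).
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: mycert
    Domains: www.mydomain.io mydomain.io
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/mycert/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mycert/privkey.pem
  Certificate Name: forms.coopdevs.org
    Domains: forms.coopdevs.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
"""


def normalize(domains):
    """Lower-case names and drop a trailing dot so comparison is exact."""
    return {d.strip().lower().rstrip(".") for d in domains if d.strip()}


def parse_certificates(output):
    """Map each certificate name to the set of domains it covers."""
    certs, current = {}, None
    for line in output.splitlines():
        name = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        domains = re.match(r"\s*Domains:\s*(.+)", line)
        if name:
            current = name.group(1)
            certs[current] = set()
        elif domains and current is not None:
            certs[current] = normalize(domains.group(1).split())
    return certs


def domain_diff(output, cert_name, desired):
    """Return (missing, extra) domains; an absent certificate is all-missing."""
    wanted = normalize(desired)
    have = parse_certificates(output).get(cert_name, set())
    return sorted(wanted - have), sorted(have - wanted)


def needs_update(output, cert_name, desired):
    missing, extra = domain_diff(output, cert_name, desired)
    return bool(missing or extra)


if __name__ == "__main__":
    print(domain_diff(SAMPLE_OUTPUT, "mycert", ["www.mydomain.io", "shop.mydomain.io"]))
```

On a real host, feed it the text printed by certbot certificates; an "extra" domain is a name the certificate still vouches for after it was dropped from the playbook.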

Let's Encrypt Staging Environment:

This role has a letsencrypt_staging variable that defaults to no. For development or testing, set it to yes, for example on the command line with --extra-vars "letsencrypt_staging=yes".

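This makes the role use the Let's Encrypt Staging Environment, which lowers the chance of hitting rate limits. Certificates issued by the staging environment are not trusted by browsers, so use it only for testing.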

License:

BSD

Author Information:

Coopdevs http://coopdevs.org

About the project

free software for Social and Solidarity Economy

Install
ansible-galaxy install coopdevs.certbot_nginx
License
Unknown
Downloads
36.4k
Owner
Coopdevs, Free and Open Source Software for Social and Solidarity Economy.