engonzal.letsencrypt_do
Ansible Roles: LetsEncrypt_DigitalOcean
This role helps you create certificates from LetsEncrypt using the DNS challenge method. It assumes you have a domain set up with DigitalOcean nameservers.
Requirements
To use this role, you need to have the Python cryptography libraries installed on your host.
For Ubuntu, run:
apt install python3-cryptography
Role Variables
You need to set a few variables to use this role.
Required Variables
Provide an email address for LetsEncrypt:
le_do_mailaddr: "<your-email-address>"
Set the domain for your certificate. This will cover both the base domain and wildcards (e.g., "*.engonzal.com" and "engonzal.com"):
le_do_domain: example.com
Generate an OAuth token from your DigitalOcean admin console:
le_do_token: "<your-do-token-consider-using-ansible-vault>"
Optional Variables
You can change where the certificates are saved by using these variables (default is in your user home folder):
le_do_dir_priv: "~/data/acme"
le_do_dir_cert: "~/data/certs"
You can also choose to upload your newly created certificate to DigitalOcean:
le_do_upload: true
Example Playbook
Here’s an example of how to use this role in a playbook:
- hosts: proxmox
  user: engonzal
  vars:
    le_do_mailaddr: "<your-email-address>"
    le_do_domain: example.com
    le_do_token: "<your-do-token-consider-using-ansible-vault>"
  roles:
    - engonzal.letsencrypt_do
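The token placeholder above suggests Ansible Vault; the following playbook is an added example (not part of the role or its documentation) that loads the DigitalOcean token from a vault-encrypted vars file and fails early if it is missing. The file name vars/vault.yml, the playbook name site.yml and the variable vault_le_do_token are assumptions, as is the premise that le_do_dir_priv holds key material.

```yaml
# Added example, not the role's own code.
# Assumed names: vars/vault.yml, site.yml, vault_le_do_token.
# Create the encrypted vars file once:
#   ansible-vault create vars/vault.yml
# and put a single line in it:
#   vault_le_do_token: "<your-do-token>"
# Run the play with:
#   ansible-playbook site.yml --ask-vault-pass
- hosts: proxmox
  user: engonzal
  vars_files:
    - vars/vault.yml                # encrypted with ansible-vault
  vars:
    le_do_mailaddr: "<your-email-address>"
    le_do_domain: example.com
    # The plaintext token never appears in the playbook or inventory.
    le_do_token: "{{ vault_le_do_token }}"
    le_do_dir_priv: "~/data/acme"
    le_do_dir_cert: "~/data/certs"
  pre_tasks:
    # The assertions test the token without printing its value.
    - name: Fail early if the vaulted token is missing or still a placeholder
      ansible.builtin.assert:
        that:
          - vault_le_do_token is defined
          - vault_le_do_token | length > 0
          - not vault_le_do_token.startswith('<')
        fail_msg: "vault_le_do_token is not set in vars/vault.yml"
        quiet: true
  roles:
    - engonzal.letsencrypt_do
  post_tasks:
    # Assumption: le_do_dir_priv holds key material written by the role.
    - name: Restrict the private directory to the owning user
      ansible.builtin.file:
        path: "{{ le_do_dir_priv }}"
        state: directory
        mode: "0700"
```

Scope the DigitalOcean token as narrowly as your account allows, since anyone holding it can change DNS records for the domain and so obtain certificates for it.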
License
BSD
Author Information
This role was created by Noe Gonzalez on a Saturday morning in 2019, while enjoying a cup of coffee. Check out more at http://engonzal.com and https://buildahomelab.com.
Provision letsencrypt certificates using digitalocean dns
ansible-galaxy install engonzal.letsencrypt_do