inofix.acme-request

Acme Request

This is an Ansible role designed for creating a certificate request, and only that. If you need to sign certificates, check out inofix.acme-tiny-sign.

This role can be used on any host that needs certificates for itself or signs certificates for other hosts.

When the host uses certificates, a private key and a Certificate Signing Request (CSR) are created. For hosts that only sign CSRs for other hosts, the CSRs are deployed. (Refer to inofix.acme-setup for an overview.)

Development of this role started within zwischenloesung.acme-tiny-setup and was later separated.

Why Not Use Existing Roles?

  • First, please read the "Promise" section below. We require something reliable.
  • This role will be used with maestro and must follow the logic used there. (However, the role can also be used without maestro.)

State

Current status: preSTABLE (Feature-Freeze/Release Candidate)

Promise

While this role may change in the future, we will only add features without breaking compatibility with older versions.

If major changes become necessary, a new role will be created, likely with a version suffix.

Installation

To install the role, run:

ansible-galaxy install inofix.acme-request

Requirements

  • Ansible version greater than 2.0
  • Python 2 or 3 on the target host
  • Generic UNIX system following FHS (Filesystem Hierarchy Standard)
  • Sudo access
  • Systemd (as default)

Role Variables

Here are the available role variables:

  • app__acme__os__cert_group: Optional, defaults to {{ default__acme__group }}
  • app__acme__user: Optional, defaults to acme
  • app__acme__group: Optional, defaults to acme
  • app__acme__home: Optional, defaults to /var/lib/acme
  • app__acme__config_dir: Optional, defaults to /etc/ssl/acme
  • app__acme__openssl_config: Optional, defaults to /etc/ssl/openssl.cnf
  • app__acme__domain: Optional, defaults to [ {domain='example.com'} ]
  • app__acme__key_length: Optional, defaults to 4096
  • fqdn: Optional, defaults to {{ ansible_fqdn | d(inventory_hostname) }}
  • workdir: Optional, defaults to /tmp, used for storing requests for remote signing
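Because CSRs can be created on one host and deployed to another for signing, the signing side can check each request before acting on it. The sketch below is an added example, not code from this role: the function names, file names and the CN-only name check are assumptions, and the 4096-bit default mirrors app__acme__key_length.

```shell
#!/bin/sh
# Added example, not part of the inofix.acme-request role.
# check_csr FILE NAME [MIN_BITS]: returns 0 only if the CSR's self-signature
# verifies, its RSA key has at least MIN_BITS (default 4096, matching the
# app__acme__key_length default) and its subject CN equals NAME.
check_csr() {
    csr=$1; name=$2; min_bits=${3:-4096}

    # Older OpenSSL releases exit 0 even when verification fails,
    # so match the "verify OK" message instead of trusting the exit code.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "reject: self-signature does not verify" >&2; return 1; }

    # "Public-Key: (4096 bit)" -> 4096
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] || {
        echo "reject: key is ${bits:-unknown} bits, need $min_bits" >&2; return 1; }

    # Subject formatting differs between OpenSSL versions ("CN = x" vs "CN=x"),
    # so strip spaces before comparing.
    cn=$(openssl req -in "$csr" -noout -subject 2>/dev/null |
         tr -d ' ' | sed -n 's/.*CN=\([^,/]*\).*/\1/p')
    [ "$cn" = "$name" ] || {
        echo "reject: CN '$cn' does not match '$name'" >&2; return 1; }
    return 0
}

# Constructed sample input: writes a throwaway key and CSR for NAME into DIR.
# umask 077 keeps the private key readable by its owner only.
make_sample_csr() {
    dir=$1; name=$2; bits=$3
    ( umask 077
      openssl req -new -newkey "rsa:$bits" -nodes -subj "/CN=$name" \
          -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null )
}
```

Requests that also carry subjectAltName entries need those names checked as well; this sketch only compares the CN.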

Dependencies

This role depends on:

  • inofix.acme-setup

Example Playbook

Here is an example of how to use the role in a playbook:

- hosts: servers
  roles:
    - inofix.acme-request

(Refer to inofix.acme-setup for more information.)

License

This role is licensed under GPLv3.

Author Information

INOFIX is a Luzern-based software company focused on the development of free software and system solutions.