mpataki.ha_letsencrypt
ansible-ha-letsencrypt
Let's Encrypt is a free service that provides SSL certificates for secure communication on the internet. It can be used for HTTPS traffic and other secure protocols.
This role needs a valid hostname, like my_house.duckdns.org, and it creates SSL certificates from Let's Encrypt. Besides getting the initial certificates, it will also set up a scheduled task to renew them automatically.
When the certificates are renewed, you might need to restart services like nginx or mosquitto that use these certificates for secure connections. There are options to set up commands that will run automatically before and after the certificate update.
Requirements
This should work on any Debian-based system, but it has been tested on a Raspberry Pi running Hassbian.
Role Variables
certbot_hostnames
- Example: my_home.duckdns.org,grafana.myhome.duckdns.org
- This is a list of hostnames (separated by commas) for which the SSL certificate will be issued.
certbot_pre_hook
- Example: systemctl stop nginx
- This is a shell command you want to run before updating your SSL certificate.
certbot_post_hook
- Example: systemctl restart mosquitto; systemctl start nginx
- This is a shell command you want to run after updating your SSL certificates.
certbot_email
- Example: [email protected]
- This is the email address that will receive notifications when your certificate is about to expire (it should renew automatically).
force_new_cert
- A boolean option that can be set to force the creation of a new certificate.
Dependencies
None.
Example Playbook
- hosts: pi
  vars:
    certbot_hostnames: 'my_home.duckdns.org,grafana.myhome.duckdns.org'
    certbot_pre_hook: 'systemctl stop nginx'
    certbot_post_hook: 'systemctl restart mosquitto; systemctl start nginx'
  roles:
    # Role name as installed by the ansible-galaxy command on this page
    - role: mpataki.ha_letsencrypt
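Added example, not part of the role: a Python pre-flight check for the comma-separated certbot_hostnames value, meant to be run before the playbook so that names a public CA will refuse are caught before any certificate request is made. The function name check_hostnames and its rejection rules are this example's own assumptions, not the role's behaviour; the sample input is the value from the example playbook above.

```python
import re

# One DNS label as a public CA accepts it: letters, digits and hyphens only,
# 1-63 characters, no leading or trailing hyphen. Underscores are excluded:
# the CA/Browser Forum Baseline Requirements forbid them in certificate DNS names.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_hostnames(certbot_hostnames):
    """Split a comma-separated certbot_hostnames value and validate each name.

    Returns (valid_names, problems); problems is a list of (entry, reason).
    """
    valid, problems, seen = [], [], set()
    for raw in certbot_hostnames.split(","):
        name = raw.strip().lower().rstrip(".")
        if not name:
            problems.append((raw, "empty entry (stray comma?)"))
        elif name in seen:
            problems.append((raw, "duplicate hostname"))
        elif len(name) > 253:
            problems.append((raw, "longer than 253 characters"))
        elif "." not in name:
            problems.append((raw, "not a fully qualified name"))
        elif "_" in name:
            problems.append((raw, "underscore is not allowed in certificate DNS names"))
        elif not all(LABEL.fullmatch(label) for label in name.split(".")):
            problems.append((raw, "invalid label (bad character, length or hyphen position)"))
        else:
            valid.append(name)
        seen.add(name)
    return valid, problems


if __name__ == "__main__":
    # Constructed sample input: the value used in the example playbook.
    sample = "my_home.duckdns.org,grafana.myhome.duckdns.org"
    ok, bad = check_hostnames(sample)
    print("would request:", ok)
    for entry, reason in bad:
        print("rejected: %r: %s" % (entry, reason))
```

Failing the deployment when the problems list is non-empty keeps a mistyped name from repeatedly hitting Let's Encrypt's rate limits on each scheduled renewal attempt.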
License
MIT
ansible-galaxy install mpataki.ha_letsencrypt