nephelaiio.acme_certificate_cloudflare
nephelaiio.acme-certificate-cloudflare
This is an Ansible role designed to create ACME certificates using DNS authentication via Cloudflare.
Role Variables
Here are some important settings that you can change when using this role:
Required | Variable | Description | Default |
---|---|---|---|
Yes | acme_certificate_domain | The fully qualified domain name (FQDN) for the certificate | ansible_fqdn |
Yes | acme_certificate_email | The email address used for the certificate | undefined |
Yes | acme_certificate_cf_account_token | Your Cloudflare API token | lookup('env', 'CF_ACCOUNT_TOKEN') |
No | acme_certificate_group_members | Users to add to the certificate file owner group | [] |
No | acme_certificate_add_ca | Include ACME CA | false |
No | acme_certificate_caurl | URL for the CA certificate | https://letsencrypt.org/certs/isrgrootx1.pem.txt |
No | acme_certificate_directory | URL for the CA directory | https://acme-v01.api.letsencrypt.org/directory |
No | acme_certificate_cafile (*) | Create a symlink to the issuing CA certificate file | undefined |
No | acme_certificate_intcafile (*) | Create a symlink to the issuing intermediate CA certificate file | undefined |
No | acme_certificate_certfile (*) | Create a symlink to the certificate file | undefined |
No | acme_certificate_chainfile (*) | Create a symlink to the certificate chain file | undefined |
No | acme_certificate_keyfile (*) | Create a symlink to the certificate key file | undefined |
You can see an example of some of these settings in the CI test configuration file.
(*) These are useful for maintaining compatibility with older Nginx/Apache setups.
Check the defaults file for an updated list of parameters.
Dependencies
For more information, see the requirements file and meta.yml.
Example Playbook
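```yaml
- hosts: servers
  vars:
    acme_certificate_email: "[email protected]"
    acme_certificate_domain: "{{ ansible_fqdn }}"
    # Placeholder value; when this variable is not set, the role defaults to
    # lookup('env', 'CF_ACCOUNT_TOKEN').
    acme_certificate_cf_account_token: xxxxxxxxxx
  roles:
    - role: nephelaiio.acme-certificate-cloudflare
```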
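The playbook below is an added example, not taken from the role's repository: it keeps the Cloudflare token out of the playbook by reading it from a vault-encrypted variable, and sets the optional group and symlink variables from the table above. Assumptions: the file `vars/vault.yml`, the variable `vault_cf_account_token`, the `www-data` account, the e-mail address and the `/etc/nginx/ssl` paths are hypothetical, and the (*) variables are assumed to take the path at which the symlink is created.

```yaml
# Added example (not the role's own code).
- hosts: servers
  vars_files:
    # Hypothetical file, encrypted with `ansible-vault encrypt`, that
    # defines vault_cf_account_token.
    - vars/vault.yml
  vars:
    acme_certificate_email: admin@example.com   # placeholder address
    acme_certificate_domain: "{{ ansible_fqdn }}"
    # Reference the vaulted value instead of writing the token in clear text.
    acme_certificate_cf_account_token: "{{ vault_cf_account_token }}"
    # Give the web server account access through the certificate file
    # owner group (www-data is an assumed account name).
    acme_certificate_group_members:
      - www-data
    # Assumed semantics: each value is the path where the symlink is created.
    acme_certificate_certfile: /etc/nginx/ssl/server.crt
    acme_certificate_keyfile: /etc/nginx/ssl/server.key
    acme_certificate_chainfile: /etc/nginx/ssl/chain.crt
  roles:
    - role: nephelaiio.acme-certificate-cloudflare
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so the token is decrypted only at run time.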
Testing
Make sure you have Docker installed to run tests on the role. Additional Python dependencies can be found in the requirements file.
The role is tested on the following distributions (Docker images):
- Ubuntu Jammy
- Ubuntu Focal
- Ubuntu Bionic
- Debian Bullseye
- Debian Buster
- Rocky Linux 8
- Rocky Linux 9
You can test the role directly by running the command `molecule test`.
License
This project is licensed under the MIT License.
An Ansible role to generate ACME certificates using DNS challenges with Cloudflare DNS
ansible-galaxy install nephelaiio.acme_certificate_cloudflare