# ansible-role-acmetool

Ansible role `L-P.acmetool`: install, configure and run acmetool to generate Let's Encrypt TLS certificates.
acmetool is configured to use its redirector mode: it listens on port 80, answers ACME HTTP-01 challenge requests itself and redirects everything else to HTTPS with an HTTP 308 (Permanent Redirect). See [acme on GitHub](https://github.com/hlandau/acme) for details.
## Requirements

- `become: true` is required, as most actions need to run as root; the rest runs as the `acme` user, which the role creates.
- Port 80/TCP must be open so that acmetool can serve challenges.
- Because the redirector mode is used by default, no HTTP server is required. You can install whatever server you want after running this role so that it can use the generated certificates.
- Choose your provider and set its API endpoint in `acmetool_server` (see below).
- The `cron` package is required for automatic renewal.
## Role Variables

### Required

```yaml
# Contact e-mail address for the ACME account registered with Let's Encrypt
# (used for expiry notices and account recovery).
acmetool_email: "admin@example.com"
# Space-separated list of domains to request a certificate for.
acmetool_domains: "www.example.com example.com"
```

### Other

```yaml
# CA directory URL. The role defaults to the Let's Encrypt staging server so
# you can test without hitting production rate limits; certificates issued by
# staging are not trusted by browsers. Switch to the production server when
# ready:
# https://acme-v01.api.letsencrypt.org/directory
# (Let's Encrypt has since retired the ACMEv1 API; current acmetool releases
# speak ACMEv2 at https://acme-v02.api.letsencrypt.org/directory.)
acmetool_server: "https://acme.example.com/directory"
# Change this to "rsa" if a consumer of the certificate does not support
# EC keys (e.g. murmur).
acmetool_key_type: "ecdsa"
# acmetool hooks run as root (via sudo) to reload services after renewal.
# Set this to false if you don't trust acmetool to do that.
acmetool_enable_hooks: false
```

See the defaults for the complete list.
## Example Playbook

```yaml
- hosts: all
  roles:
    - { role: "L-P.acmetool", become: true }
```
On Debian, newly installed services are enabled and started automatically with their default configuration. Installing nginx while the acmetool redirector holds port 80 therefore fails: nginx cannot bind the port, its package postinst script errors out, and dpkg is left in a semi-broken state.

To avoid this, run the following play between the installation of acmetool and that of nginx. The `creates` guard makes it run only while nginx is not yet configured (no `/etc/nginx/nginx.conf`), i.e. before its first installation.
```yaml
- hosts: all
  become: true
  tasks:
    - name: Stop acmetool
      tags: "nginx"
      command: "service acmetool stop"
      args:
        creates: "/etc/nginx/nginx.conf"
```
You can adapt this for any other service that fails the same way. Keep in mind that once another server owns port 80 the redirector can no longer bind it, so for renewals acmetool needs another way to answer challenges (for instance its webroot mode, with the challenge directory served by that server).
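The whole sequence put together, as an added example that is not part of the role's own documentation: run the role, stop the redirector only on a host where nginx has never been configured, install nginx, and drop in a server block that serves ACME challenges from acmetool's challenge directory and terminates TLS with the certificates acmetool maintains under `/var/lib/acme/live/<domain>/`. The `web` host group, the domain names, the contact address, the `/etc/nginx/sites-available/<domain>` path and the use of `/var/run/acme/acme-challenge` as the challenge webroot are assumptions made for this example; check the acmetool documentation for the challenge path your version uses. `acmetool_server` is deliberately left at the role's staging default.

```yaml
# Added example playbook (not part of the role). Assumes Debian, the role
# variables documented above, and nginx as the server that owns port 80
# once installed.
- hosts: web                                        # assumption: your web hosts
  become: true
  vars:
    site_domain: "example.com"                      # assumption: your primary domain
  roles:
    - role: "L-P.acmetool"
      acmetool_email: "admin@example.com"           # assumption: your contact address
      acmetool_domains: "www.example.com example.com"
      # acmetool_server is left at the role's staging default; set it to the
      # production directory URL once everything works end to end.

  tasks:
    # Debian starts nginx during installation, and it cannot bind port 80
    # while the redirector holds it. Stop acmetool only on a host where nginx
    # has never been configured (same guard as the play above).
    - name: Stop acmetool redirector before the first nginx installation
      command: "service acmetool stop"
      args:
        creates: "/etc/nginx/nginx.conf"

    - name: Install nginx
      apt:
        name: nginx
        state: present
        update_cache: true

    - name: Configure the TLS site with acmetool's certificates
      copy:
        dest: "/etc/nginx/sites-available/{{ site_domain }}"   # assumption: Debian layout
        content: |
          server {
              listen 80;
              server_name {{ site_domain }} www.{{ site_domain }};
              # HTTP-01 challenge files written by acmetool; /var/run/acme/acme-challenge
              # is assumed here to be the challenge directory of your acmetool version.
              location /.well-known/acme-challenge/ {
                  alias /var/run/acme/acme-challenge/;
              }
              # Everything else goes to HTTPS, as the redirector did.
              location / {
                  return 308 https://$host$request_uri;
              }
          }
          server {
              listen 443 ssl;
              server_name {{ site_domain }} www.{{ site_domain }};
              # Symlinks maintained by acmetool; they move to the new files on renewal.
              ssl_certificate     /var/lib/acme/live/{{ site_domain }}/fullchain;
              ssl_certificate_key /var/lib/acme/live/{{ site_domain }}/privkey;
              ssl_protocols TLSv1.2;
              root /var/www/html;
          }
      notify: Reload nginx

    - name: Enable the site
      file:
        src: "/etc/nginx/sites-available/{{ site_domain }}"
        dest: "/etc/nginx/sites-enabled/{{ site_domain }}"
        state: link
      notify: Reload nginx

    - name: Disable the default site so it does not also claim port 80
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Reload nginx

  handlers:
    - name: Reload nginx
      service:
        name: nginx
        state: reloaded
```

After this play the redirector stays stopped, and nginx answers the challenges on renewal. With `acmetool_enable_hooks` left at false nothing reloads nginx when a certificate is renewed, so either enable the hooks or add a reload of your own.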
## License

MIT
