elan_certbot

Overview Versions Insights

Ansible: Elan Certbot Role

This Ansible role configures TLS certificate renewal via certbot. This role is exactly the same as https://github.com/elan-ev/opencast_certbot, without the opencast_nginx dependency (see https://github.com/elan-ev/opencast_certbot/pull/3). This role will work with both the opencast_nginx and the simple_nginx_reverse_proxy, but likely not with a standard nginx or anything else.

Role Variables

  • elan_certbot_letsencrypt_email: The email address for Let's Encrypt account (required). This is used by Let's Encrypt to send certificate expiration warnings if necessary.
  • elan_certbot_domains: A list specifying the domains for which the certificate should be valid. Defaults to ["{{ inventory_hostname }}"].
  • elan_certbot_expand_existing: A boolean flag that you can use e.g. as extra variable when running a playbook, to force certbot to expand already existing certificates. You should not set this to true as default, but only when you actually need it.
  • elan_certbot_ca: You can specify if you want to use letsencrypt (the default) or use sectigo with eab for DFN ACME. You then also need to define elan_certbot_eab_kid and elan_certbot_eab_hmac.

Example Playbook

Example of how to configure and use the role:

- hosts: servers
  become: true
  roles:
    - role: elan.elan_certbot
      elan_certbot_letsencrypt_email: [email protected]
About

Configure TLS certificate renewal via certbot for Opencast

role
Install
ansible-galaxy install elan-ev/elan_certbot
GitHub repository
0 stars
0 forks
0 open issues
License
bsd-3-clause
Downloads
3677
Owner
elan e.V.
elan e.V. is a German non-profit organization helping universities and other higher education organizations with all things related to e-learning