acme-tiny-setup

Acme-Tiny Setup

This is an Ansible role that sets up and prepares everything required for later signing certificates with Let's Encrypt. It is highly influenced by this role: ganto.acme_tiny. Many thanks, ganto!

This role is meant to be run on any host that needs certificates. If the host is not accessible via web, or does not use the zwischenloesung.acme-tiny role for other reasons, a solution must be provided to transfer the certificate request from this host to the acme-host and the final certificate back.

Why do we not use one of the existing roles?

  • For the first reason read the section "Promise" below. We need something reliable.
  • This role will be used by maestro and must follow the logic used there. (Of course, the role can be used without maestro.)

STATUS

Development has moved to inofix.acme-*

Promise

Sure, this role may change in the future, but we will only expand its features, so as not to break backwards compatibility.

If radical changes should become necessary, a new role will be created, probably with an 'ng' or version suffix...

Installation

ansible-galaxy install zwischenloesung.acme-tiny-setup

Requirements

  • Ansible >2.0
  • Python2/3 on target host
  • Generic UNIX with FHS
  • Sudo
  • Systemd (per default)

Role Variables

  • app__acme__tiny__user - optional, default='acme'
  • app__acme__tiny__group - optional, default='acme'
  • app__acme__tiny__home - optional, default='/var/lib/acme'
  • app__acme__tiny__config_dir - optional, default='/etc/ssl/acme-tiny'
  • app__acme__tiny__openssl_config - optional, default='/etc/ssl/openssl.cnf'
  • app__acme__tiny__challenge_dir - optional, default='/var/www/acme-challenges'
  • app__acme__tiny__account_key - optional, default='account.key'
  • app__acme__tiny__domain - optional, default='example.com'
  • app__acme__tiny__cert_name - optional, auto
  • app__acme__tiny__log_dir - optional, default='/var/log/acme-tiny'
  • app__acme__tiny__cert_dir - optional, auto
  • app__acme__tiny__key - optional, auto
  • app__acme__tiny__request - optional, auto
  • app__acme__tiny__letsencrypt_certs - optional, default=[ {url='https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem', file='intermediate.crt'}, {url='https://letsencrypt.org/certs/isrgrootx1.pem', file='ca.crt'} ]
  • app__acme__tiny__key_length - optional, default=4096

Dependencies

Example Playbook

- hosts: servers
  roles:
     - zwischenloesung.acme-tiny-setup
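
For a host that is not reachable via web, the transfer of the request to the acme-host and of the certificate back could look like the playbook below. It is an added example, not part of this role: the inventory names, the xfer_* variables and the file names under /etc/ssl/acme-tiny are assumptions, and the signing run on the acme-host is left out.

```yaml
# Added example, not part of the role. Inventory names and every xfer_* value
# are assumptions; point them at the paths your hosts really use.
- hosts: certhost                  # ran acme-tiny-setup, not reachable via web
  become: yes
  vars: &xfer
    xfer_stage: "{{ playbook_dir }}/xfer"             # staging dir on the controller
    xfer_csr: /etc/ssl/acme-tiny/example.com.csr      # assumed request path
    xfer_crt: /etc/ssl/acme-tiny/example.com.crt      # assumed certificate path
  tasks:
    - name: Pull only the request; the private key never leaves this host
      fetch:
        src: "{{ xfer_csr }}"
        dest: "{{ xfer_stage }}/request.csr"
        flat: yes
    - name: Stop here if the fetched file does not parse as a CSR
      command: openssl req -noout -in {{ xfer_stage }}/request.csr
      delegate_to: localhost
      become: no
      changed_when: false

- hosts: acmehost                  # the host that talks to Let's Encrypt
  become: yes
  vars: *xfer
  tasks:
    - name: Hand the request to the acme-host
      copy:
        src: "{{ xfer_stage }}/request.csr"
        dest: "{{ xfer_csr }}"
        mode: "0644"
    # The signing run belongs here. It depends on how the acme-host is set up
    # and is not shown; it has to write the certificate to xfer_crt.
    - name: Pull the signed certificate
      fetch:
        src: "{{ xfer_crt }}"
        dest: "{{ xfer_stage }}/signed.crt"
        flat: yes

- hosts: certhost
  become: yes
  vars: *xfer
  tasks:
    - name: Install the certificate only if it parses as X.509
      copy:
        src: "{{ xfer_stage }}/signed.crt"
        dest: "{{ xfer_crt }}"
        mode: "0644"
        validate: openssl x509 -noout -in %s
```

Only the request and the certificate, both public, pass through the controller; the staging directory should still be writable only by the user running the playbook.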

License

GPLv3

Author Information
