NewsBlur-viq/ansible/roles/letsencrypt

Ansible Letsecrypt

The ansible role for generating letsecrypt certificates.

Features

• 🔐 Ability to generate single certificates for specific domains/subdomains
• 🔐 Ability to generate wildcard certificates using settings for the corresponding DNS provider
• ⚡️️ Automatically renew certificates every month
• 🔧 Generated certificates stored in the directory /etc/letsencrypt/live/{{app_domain}} where app_domain is the name of domain/subdomain for which we generated certificates and ready for use with any HTTP-server

Role Variables

Available variables:

Name	Default	Description
use_dns_plugin	no	Use certbot dns provider (use this if you need wildcard sertificate) or certbot itselt.
certbot_version	latest	# Version of certbot or certbot dns plugin (if use_dns_plugin is yes), see other versions here
dns_plugin	cloudflare	Dsn plugin that will be used with certbot (when use_dns_plugin is yes), list of plugins can be found here
email	Email that will be used for notifications	Email that will be used for notifications
domains_list	- "{{ ansible_fqdn }}"	List of domain for which you want to get a certificates

Additional variables for Cloudflare

Name	Default	Description
dns_email	""	DNS email
dns_api_key	""	DNS api key

Additional variables for CloudXNS

Name	Default	Description
dns_api_key	""	DNS api key
dns_secret_key	""	DNS secret key

Additional variables for DigitalOcean

Name	Default	Description
dns_token	""	DNS token

Additional variables for DNSimple

Name	Default	Description
dns_token	""	DNS token

Additional variables for DNS Made Easy

Name	Default	Description
dns_api_key	""	DNS api key
dns_secret_key	""	DNS secret key

Additional variables for Linode

Name	Default	Description
dns_key	""	DNS key

Additional variables for LuaDNS

Name	Default	Description
dns_email	""	DNS email
dns_token	""	DNS token

Additional variables for NS1

Name	Default	Description
dns_api_key	""	DNS api key

Additional variables for OVH

Name	Default	Description
dns_endpoint	""	DNS endpoint
dns_application_key	""	DNS application key
dns_application_secret	""	DNS application secret
dns_consumer_key	""	DNS consumer key

Additional variables for RFC 2136

Name	Default	Description
dns_server	""	Target DNS server
dns_port	""	Target DNS port
dns_name	""	TSIG key name
dns_secret	""	TSIG key secret
dns_algorithm	""	TSIG key algorithm

Additional variables for Route 53

Name	Default	Description
dns_access_key_id	""	DNS access key id
dns_secret_access_key	""	DNS secret access key id

Dependencies

Docker must be installed on the server in order to use this role. If you don't have docker on your server we recommend angstwad.docker_ubuntu Ansible role.

Example of using angstwad.docker_ubuntu:

---
- name: Setup server
  hosts: server
  become: true
  roles:
    - { role: angstwad.docker_ubuntu }

Quick example

Example of the playbook file:

---
- name: Setup server
  hosts: server
  become: true
  roles:
    - role: auxilincom.letsencrypt
      use_dns_plugin: yes
      certbot_version: v0.26.1
      dns_plugin: cloudflare
      email: ship@test.com
      domains_list:
        - "*.ship.com"
      dns_email: ship_dns@test.com
      dns_api_key: 0123456789abcdef0123456789abcdef01234567

Change Log

This project adheres to Semantic Versioning. Every release is documented on the Github Releases page.

License

Ansible-letsencrypt is released under the MIT License.

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Contributors

Thanks goes to these wonderful people (emoji key):

Evgeny Zhivitsa 📖 🤔 💻

Andrew Orsich 🤔 👀

This project follows the all-contributors specification. Contributions of any kind welcome!