An Ansible role for generating Let's Encrypt certificates.
- 🔐 Ability to generate single certificates for specific domains/subdomains
- 🔐 Ability to generate wildcard certificates using settings for the corresponding DNS provider
- ⚡️️ Automatically renew certificates every month
- 🔧 Generated certificates are stored in the directory `/etc/letsencrypt/live/{{app_domain}}`, where `app_domain` is the name of the domain/subdomain for which the certificates were generated, and are ready for use with any HTTP server
Available variables:
| Name | Default | Description |
|---|---|---|
| `use_dns_plugin` | `false` | Use certbot DNS provider (use this if you need a wildcard certificate) or certbot itself. |
| `certbot_version` | `latest` | Version of certbot or certbot DNS plugin (if `use_dns_plugin` is `true`), see other versions here |
| `dns_plugin` | `cloudflare` | DNS plugin that will be used with certbot (when `use_dns_plugin` is `true`), list of plugins can be found here |
| `email` | | Email that will be used for notifications |
| `domains_list` | `- "{{ ansible_fqdn }}"` | List of domains for which you want to get certificates |
| `dns_email` | `""` | DNS email (used for Cloudflare, LuaDNS) |
| `dns_api_key` | `""` | DNS API key (used for Cloudflare, CloudXNS, DNS Made Easy, NS1) |
| `dns_secret_key` | `""` | DNS secret key (used for CloudXNS, DNS Made Easy) |
| `dns_token` | `""` | DNS token (used for DigitalOcean, DNSimple, LuaDNS) |
| `dns_key` | `""` | DNS key (used for Linode) |
| `dns_endpoint` | `""` | DNS endpoint (used for OVH) |
| `dns_application_key` | `""` | DNS application key (used for OVH) |
| `dns_application_secret` | `""` | DNS application secret (used for OVH) |
| `dns_consumer_key` | `""` | DNS consumer key (used for OVH) |
| `dns_server` | `""` | Target DNS server (used for RFC 2136) |
| `dns_port` | `""` | Target DNS port (used for RFC 2136) |
| `dns_name` | `""` | TSIG key name (used for RFC 2136) |
| `dns_secret` | `""` | TSIG key secret (used for RFC 2136) |
| `dns_algorithm` | `""` | TSIG key algorithm (used for RFC 2136) |
| `dns_access_key_id` | `""` | DNS access key id (used for Route 53) |
| `dns_secret_access_key` | `""` | DNS secret access key id (used for Route 53) |
Docker must be installed on the server in order to use this role. If you don't have Docker on your server, we recommend the angstwad.docker_ubuntu Ansible role.

Example of using angstwad.docker_ubuntu:

```yaml
---
- name: Setup server
  hosts: server
  become: true
  roles:
    - { role: angstwad.docker_ubuntu }
```
Example of the playbook file:
```yaml
---
- name: Setup server
  hosts: server
  become: true
  roles:
    - role: paralect.letsencrypt
      use_dns_plugin: true
      certbot_version: v0.26.1
      dns_plugin: cloudflare
      email: ship@test.com
      domains_list:
        - "*.ship.com"
      dns_email: ship_dns@test.com
      dns_api_key: 0123456789abcdef0123456789abcdef01234567
```
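
The same wildcard setup with the DNS API key taken from an Ansible Vault variable instead of the playbook text, followed by checks on the issued files. This is an added example, not part of the role's own documentation; the variable `vault_cloudflare_api_key`, the `app_domain` value `ship.com` and the presence of `openssl` on the host are assumptions.

```yaml
---
# Added example. Assumptions: vault_cloudflare_api_key lives in an
# ansible-vault encrypted vars file, app_domain matches the live/ directory
# name, and openssl is installed on the target host.
- name: Issue a wildcard certificate without a plaintext DNS API key
  hosts: server
  become: true
  vars:
    app_domain: ship.com  # assumed directory name under /etc/letsencrypt/live
  pre_tasks:
    - name: Stop early if the vaulted API key is missing or empty
      ansible.builtin.assert:
        that:
          - vault_cloudflare_api_key is defined
          - vault_cloudflare_api_key | length > 0
        quiet: true
      no_log: true
  roles:
    - role: paralect.letsencrypt
      use_dns_plugin: true
      dns_plugin: cloudflare
      email: ship@test.com
      domains_list:
        - "*.ship.com"
      dns_email: ship_dns@test.com
      dns_api_key: "{{ vault_cloudflare_api_key }}"
  post_tasks:
    - name: Inspect the private key (live/ holds symlinks, so follow them)
      ansible.builtin.stat:
        path: "/etc/letsencrypt/live/{{ app_domain }}/privkey.pem"
        follow: true
      register: privkey
    - name: Fail if the private key is missing or world-readable
      ansible.builtin.assert:
        that:
          - privkey.stat.exists
          - not privkey.stat.roth
    - name: Fail if the certificate expires within 14 days (1209600 s)
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - "-checkend"
          - "1209600"
          - "-noout"
          - "-in"
          - "/etc/letsencrypt/live/{{ app_domain }}/cert.pem"
      changed_when: false
```

Run it with `--ask-vault-pass` or `--vault-password-file` so the encrypted variable can be decrypted at play time.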
This project adheres to Semantic Versioning. Every release is documented on the GitHub Releases page.
Ansible-letsencrypt is released under the MIT License.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Thanks goes to these wonderful people (emoji key):
| Evgeny Zhivitsa 📖 🤔 💻 | Andrew Orsich 🤔 👀 |
|---|---|
This project follows the all-contributors specification. Contributions of any kind welcome!