2020-11-03 23:19:19 +01:00
|
|
|
# {{ ansible_managed }}
|
2020-05-09 12:54:38 +02:00
|
|
|
|
|
|
|
# Pour appliquer cette conf et générer la conf de renewal :
|
2020-11-04 23:07:51 +01:00
|
|
|
# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
|
2020-05-09 12:54:38 +02:00
|
|
|
|
|
|
|
# Use a 4096 bit RSA key instead of 2048
|
|
|
|
rsa-key-size = 4096
|
|
|
|
|
|
|
|
# Always use the staging/testing server
|
|
|
|
# server = https://acme-staging.api.letsencrypt.org/directory
|
|
|
|
|
|
|
|
# Uncomment and update to register with the specified e-mail address
|
|
|
|
email = {{ certbot.mail }}
|
|
|
|
|
|
|
|
# Uncomment to use a text interface instead of ncurses
|
|
|
|
text = True
|
|
|
|
|
2021-02-01 17:07:10 +01:00
|
|
|
# Yes I want to sell my soul and my guinea pig.
|
|
|
|
agree-tos = True
|
|
|
|
|
|
|
|
# Use DNS-01 challenge
|
|
|
|
authenticator = dns-rfc2136
|
|
|
|
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
|
|
|
|
dns-rfc2136-propagation-seconds = 30
|
2020-05-09 12:54:38 +02:00
|
|
|
|
2021-01-17 16:40:28 +01:00
|
|
|
# Accept TOS
|
|
|
|
agree-tos = True
|
|
|
|
|
2020-05-09 12:54:38 +02:00
|
|
|
# Wildcard the domain
|
|
|
|
cert-name = {{ certbot.certname }}
|
2020-11-04 22:38:54 +01:00
|
|
|
domains = {{ ", ".join(certbot.domains) }}
|