From 06917ce46bd0cf9e88988e5469e462f2fc706154 Mon Sep 17 00:00:00 2001
From: otthorn <otthorn@crans.org>
Date: Sun, 17 Jan 2021 16:40:28 +0100
Subject: [PATCH] Agree to Letsencrypt TOS

---
 .../letsencrypt/conf.d/certname.ini.j2        |  3 +++
 roles/mail-certificates/templates/conf.ini.j2 | 26 +++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 roles/mail-certificates/templates/conf.ini.j2

diff --git a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2
index c23d930..1406498 100644
--- a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2
+++ b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2
@@ -18,6 +18,9 @@ text = True
 # Use nginx challenge
 authenticator = nginx
 
+# Accept TOS
+agree-tos = True
+
 # Wildcard the domain
 cert-name = {{ certbot.certname }}
 domains = {{ ", ".join(certbot.domains) }}
diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail-certificates/templates/conf.ini.j2
new file mode 100644
index 0000000..cdcd8db
--- /dev/null
+++ b/roles/mail-certificates/templates/conf.ini.j2
@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+
+# Pour appliquer cette conf et générer la conf de renewal :
+# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = {{ certbot.mail }}
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use nginx challenge
+authenticator = standalone
+
+# Accept TOS
+agree-tos = True
+
+# Wildcard the domain
+cert-name = {{ certbot.certname }}
+domains = {{ ", ".join(certbot.domains) }}