Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
parent
154cbedec2
commit
889cb764c1
4 changed files with 37 additions and 4 deletions
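--- /dev/null
+++ b/group_vars/certbot.yml
@@ -0,0 +1,8 @@
+---
+glob_certbot:
+  dns_rfc2136_server: '10.128.0.30'
+  dns_rfc2136_name: certbot_challenge.
+  dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+  mail: tech.aurore@lists.crans.org
+  certname: auro.re
+  domains: "auro.re"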
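Review bot: The DNS master address `10.128.0.30` is declared here as `dns_rfc2136_server` and repeated as a literal in the role's `dns_masters_ipv4` set_fact, so the two can silently drift when the master moves; the task side should read it from this variable instead of carrying its own copy. The templates reference `certbot.dns_rfc2136_server` while this file defines `glob_certbot`, which presumably relies on a glob_/loc_ merge done elsewhere in the role — worth a one-line comment such as `# merged into `certbot` by the role; see roles/certbot` so the indirection is not a surprise. Keeping the secret as a vault reference is right; `domains: "auro.re"` contains no `*.auro.re` entry, so despite the DNS-01 switch no wildcard certificate is requested unless the domains line is extended to `"auro.re,*.auro.re"`.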
@ -1,10 +1,10 @@
|
|||
---
|
||||
- name: Install certbot and nginx plugin
|
||||
- name: Install certbot and RFC2136 plugin
|
||||
apt:
|
||||
update_cache: true
|
||||
name:
|
||||
- certbot
|
||||
- python3-certbot-nginx
|
||||
- python3-certbot-dns-rfc2136
|
||||
register: pkg_result
|
||||
retries: 3
|
||||
until: pkg_result is succeeded
|
||||
|
@ -15,6 +15,19 @@
|
|||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Lookup DNS masters IPv4
|
||||
set_fact:
|
||||
dns_masters_ipv4:
|
||||
- "10.128.0.30"
|
||||
cacheable: true
|
||||
|
||||
- name: Add DNS credentials
|
||||
template:
|
||||
src: letsencrypt/rfc2136.ini.j2
|
||||
dest: /etc/letsencrypt/rfc2136.ini
|
||||
mode: 0600
|
||||
owner: root
|
||||
|
||||
- name: Add Certbot configuration
|
||||
template:
|
||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||
|
|
|
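Review bot: The `Add DNS credentials` task renders `vault_certbot_dns_secret` into `/etc/letsencrypt/rfc2136.ini`, and a run with `--diff` or `-v` prints template diffs, so the TSIG key can end up in console output or CI logs; add `no_log: true` and `diff: false` to that task next to `mode: 0600`. The `Lookup DNS masters IPv4` set_fact performs no lookup — it hard-codes `10.128.0.30`, the same address already held in `dns_rfc2136_server`; writing it as `- "{{ certbot.dns_rfc2136_server }}"` (or whichever merged variable the templates use) keeps the two in step, and the task name should say what it does. Quoting the octal mode as `mode: "0600"` avoids depending on YAML 1.1 octal parsing. The `Add Certbot configuration` task continues outside the hunk.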
@ -15,8 +15,13 @@ email = {{ certbot.mail }}
|
|||
# Uncomment to use a text interface instead of ncurses
|
||||
text = True
|
||||
|
||||
# Use nginx challenge
|
||||
authenticator = nginx
|
||||
# Yes I want to sell my soul and my guinea pig.
|
||||
agree-tos = True
|
||||
|
||||
# Use DNS-01 challenge
|
||||
authenticator = dns-rfc2136
|
||||
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
|
||||
dns-rfc2136-propagation-seconds = 30
|
||||
|
||||
# Wildcard the domain
|
||||
cert-name = {{ certbot.certname }}
|
||||
|
|
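Review bot: The comment `# Wildcard the domain` above `cert-name = {{ certbot.certname }}` is misleading: `cert-name` only names the certificate lineage, and whether a wildcard is issued depends on the `domains` value, which in the new group_vars is plain `auro.re` with no `*.auro.re`; replace the comment with `# Name of the certificate lineage (wildcard coverage comes from the domains list)` and, if a wildcard is intended, add `*.auro.re` where `domains` is set. `dns-rfc2136-propagation-seconds = 30` is below the plugin's usual default of 60, which is fine for a single master but may fail validation if Let's Encrypt queries a lagging secondary — a short comment stating why 30 is enough here would help. The `domains` line of this template, if any, lies outside the hunk.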
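--- /dev/null
+++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment(decoration='# ') }}
+
+dns_rfc2136_server = {{ certbot.dns_rfc2136_server }}
+dns_rfc2136_port = 53
+dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
+dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
+dns_rfc2136_algorithm = HMAC-SHA512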
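Review bot: This TSIG key lets the certbot host perform dynamic updates against `dns_rfc2136_server`, and nothing in this change shows the server-side grant being scoped; unless the master restricts the key (for example a BIND `update-policy` granting `certbot_challenge.` only `_acme-challenge` TXT records or `zonesub`), a compromise of this host allows rewriting the whole zone. A comment in the template such as `# TSIG key for DNS-01 only: restrict server-side to _acme-challenge TXT updates` would record that expectation. `dns_rfc2136_algorithm = HMAC-SHA512` is hard-coded while name and secret are templated; it must match the algorithm the key was generated with, so either template it too (`{{ certbot.dns_rfc2136_algorithm | default('HMAC-SHA512') }}`) or note the constraint beside it.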