Certbot wildcard role
parent
544498c81a
commit
9c226c680c
@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: Install certbot and RFC2136 plugin
|
||||
apt:
|
||||
update_cache: true
|
||||
name:
|
||||
- certbot
|
||||
- python3-certbot-dns-rfc2136
|
||||
state: present
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Lookup DNS masters IPv4
|
||||
set_fact:
|
||||
dns_masters_ipv4: "{{ certbot.dns_masters_ipv4 }}"
|
||||
cacheable: true
|
||||
|
||||
- name: Add DNS credentials
|
||||
template:
|
||||
src: letsencrypt/rfc2136.ini.j2
|
||||
dest: /etc/letsencrypt/rfc2136.ini
|
||||
mode: 0600
|
||||
owner: root
|
||||
|
||||
- name: Create /etc/letsencrypt/conf.d
|
||||
file:
|
||||
path: /etc/letsencrypt/conf.d
|
||||
state: directory
|
||||
|
||||
- name: Add Certbot configuration
|
||||
template:
|
||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
||||
mode: 0644
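Review bot: The `Add DNS credentials` task renders the TSIG secret but carries no `no_log: true`, so a run with `--diff` or raised verbosity can print the key into task output and logs. Adding `no_log: true` and `group: root` to that task would close this. The `Create /etc/letsencrypt/conf.d` task sets no `mode` or `owner`, which leaves the directory permissions to the umask; `mode: "0755"` and `owner: root` would make them explicit. The unquoted `0600` and `0644` work through YAML octal parsing, but quoting them (`mode: "0600"`) is the form Ansible recommends and does not depend on the parser.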
|
@ -0,0 +1,25 @@
|
||||
{{ ansible_header | comment(decoration='# ') }}
|
||||
|
||||
# Pour appliquer cette conf et générer la conf de renewal :
|
||||
# certbot --config wildcard.ini certonly
|
||||
|
||||
# Use a 4096 bit RSA key instead of 2048
|
||||
rsa-key-size = 4096
|
||||
|
||||
# Always use the staging/testing server
|
||||
# server = https://acme-staging.api.letsencrypt.org/directory
|
||||
|
||||
# Uncomment and update to register with the specified e-mail address
|
||||
email = {{ certbot.mail }}
|
||||
|
||||
# Uncomment to use a text interface instead of ncurses
|
||||
text = True
|
||||
|
||||
# Use DNS-01 challenge
|
||||
authenticator = dns-rfc2136
|
||||
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
|
||||
dns-rfc2136-propagation-seconds = 30
|
||||
|
||||
# Wildcard the domain
|
||||
cert-name = {{ certbot.certname }}
|
||||
domains = {{ certbot.domains }}
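Review bot: The usage comment at the top names `wildcard.ini`, but the tasks in this commit render this template to `/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini`, so the documented command would not find the file. A line such as `# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly` would match. The commented-out staging URL is the ACME v1 endpoint, which cannot issue wildcard certificates; if it stays as a hint it should read `https://acme-staging-v02.api.letsencrypt.org/directory`. If `certbot.domains` is a list (its definition is not visible here), `domains = {{ certbot.domains }}` renders a Python list literal, and `{{ certbot.domains | join(',') }}` would be needed.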
|
@ -0,0 +1,7 @@
|
||||
{{ ansible_header | comment(decoration='# ') }}
|
||||
|
||||
dns_rfc2136_server = {{ dns_masters_ipv4 | first }}
|
||||
dns_rfc2136_port = 53
|
||||
dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
|
||||
dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
|
||||
dns_rfc2136_algorithm = HMAC-SHA512
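Review bot: This template writes the TSIG secret in clear text and nothing in the file says so; a header comment such as `# Holds the TSIG key for DNS-01 updates: keep mode 0600, owner root` would tell the next maintainer why the permissions matter. Where `certbot.dns_rfc2136_secret` is defined is not visible in this commit, so confirm it comes from an encrypted source such as Ansible Vault rather than plain group_vars. `{{ dns_masters_ipv4 | first }}` uses only the first master and fails at render time on an empty list, which is worth a short comment or an `assert` in the tasks. On the DNS server the key should be limited to TXT updates under `_acme-challenge`, because any reader of this file can otherwise send updates for whatever the key is allowed to change.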
|