Easy-to-use letsencrypt Ansible role to create and renew SSL certificates. The current version is tested and works on Ubuntu 16.04 to Ubuntu 20.04. More platforms will be added in the future.
If you use the default letsencrypt_mode for creating ssl certificates then you MUST enable http path /.well-known in your vhost configuration to allow letsencrypt to verify the ownership of your domains. If you use standalone mode then you don't need any changes in your vhost configuration. For more information about modes see Role Variables section.
- Nginx example:

      location ~ /.well-known {
          allow all;
      }

- [REQUIRED] {{ letsencrypt_domains }} - list of domains for which the certificate will be obtained.
- [REQUIRED] {{ letsencrypt_email }} - an email for receiving important announcements and notices.
- [REQUIRED] {{ letsencrypt_renewal_cron_dest }} - the destination for the renewal cron which renews all installed letsencrypt certificates.
- {{ letsencrypt_mode }} - the mode for issuing SSL certificates. The default mode is webroot, which does not require stopping and starting the HTTP service during SSL certificate creation. If you don't have any HTTP services in your deployment you can switch to standalone mode.
- {{ letsencrypt_production }} - if true, letsencrypt creates a live certificate ready to use. Otherwise it creates a staging certificate.
- {{ letsencrypt_http_service }} - the HTTP service which will use the certificates. The default value is nginx.
- {{ letsencrypt_webroot_dir }} - if you use webroot mode then you need to provide the webroot directory to enable letsencrypt to verify domain ownership.
NA
    - hosts: servers
      roles:
        - role: itsankoff.letsencrypt
          letsencrypt_domains: ["example.com", "www.example.com"]
          letsencrypt_email: admin@example.com
          letsencrypt_renewal_cron_dest: "/opt"

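The playbook below is an added example, not part of the role: before the role runs in webroot mode, it checks that every domain really serves /.well-known from the webroot directory, and it requests a staging certificate first. The webroot path, the `acme_dir` and `probe_body` variables and the probe file name are assumptions made for the example.

```yaml
- hosts: servers
  become: true
  vars:
    letsencrypt_domains: ["example.com", "www.example.com"]
    letsencrypt_webroot_dir: /var/www/letsencrypt   # assumed path; use the root your vhost serves /.well-known from
    acme_dir: "{{ letsencrypt_webroot_dir }}/.well-known/acme-challenge"   # hypothetical helper variable
    probe_body: "acme-preflight {{ inventory_hostname }}"                  # hypothetical helper variable
  pre_tasks:
    - name: Check that /.well-known is served from the webroot
      block:
        - name: Create the challenge directory
          ansible.builtin.file:
            path: "{{ acme_dir }}"
            state: directory
            mode: "0755"

        - name: Write a probe file into the challenge directory
          ansible.builtin.copy:
            dest: "{{ acme_dir }}/preflight-probe"
            content: "{{ probe_body }}"
            mode: "0644"

        - name: Fetch the probe over plain HTTP for every domain
          ansible.builtin.uri:
            url: "http://{{ item }}/.well-known/acme-challenge/preflight-probe"
            return_content: true
          loop: "{{ letsencrypt_domains }}"
          register: probe

        - name: Fail unless each domain returned the probe body
          ansible.builtin.assert:
            that: item.content | trim == probe_body
            fail_msg: "{{ item.item }} does not serve /.well-known from {{ letsencrypt_webroot_dir }}"
          loop: "{{ probe.results }}"
          loop_control:
            label: "{{ item.item }}"
      always:
        - name: Remove the probe file even when the check fails
          ansible.builtin.file:
            path: "{{ acme_dir }}/preflight-probe"
            state: absent
  roles:
    - role: itsankoff.letsencrypt
      letsencrypt_email: admin@example.com
      letsencrypt_renewal_cron_dest: "/opt"
      letsencrypt_production: false   # staging certificate while testing; set to true for a live one
```

The request is made from the managed host itself, so it validates the vhost and webroot mapping but not external DNS or firewall rules. Comparing the response body, not just the status code, catches a vhost that answers 200 from a different document root.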
For more information please contact me:
- Email: itsankoff@gmail.com
- Github