author Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-10 20:01:26 -0500
committer Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-10 20:01:26 -0500
commit 22ea774567866c0c714672bbe43e38493478e1b3 (patch)
tree 586c12b24147b06e3999e376403c74ebfff5323f /roles
parent 02b635fdb053d9d0f8db4038095290e507b62cb4 (diff)
add certbot documentation
Diffstat (limited to 'roles')
-rw-r--r-- roles/certbot/README.md 43
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/certbot/README.md b/roles/certbot/README.md
new file mode 100644
index 0000000..87e9aa1
--- /dev/null
+++ b/roles/certbot/README.md
@@ -0,0 +1,43 @@
+Certbot
+=======
+
+Description
+-----------
+
+The `certbot` role retrieves a TLS certificate from LetsEncrypt.
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable | Default | Description
+-------------------------|---------------------------------|------------
+`certificate_email` | `root@{{ email_domain }}` | LetsEncrypt contact email
+`certificate_sans` | `{{ [ansible_fqdn] + cnames }}` | Subject Alternative Names
+`certificate_type` | `ecdsa` | Either `ecdsa` or `rsa`
+`certificate_size` | 2048 | RSA key size (bits)
+`certificate_path` | &nbsp; | Path of store certificate file
+`certificate_key_path` | &nbsp; | Path of certificate key file
+`certificate_owner` | `root` | Owner of certificate files (or `owner:group`)
+`certificate_mode` | 0400 | File mode of certificate files
+`certificate_use_apache` | no | Use exisiting Apache server for ACME challenge
+`certificate_hook` | &nbsp; | Command to `exec` after certificate renewal
+
+Usage
+-----
+
+Example task:
+
+````yaml
+- name: request public TLS certificate
+ include_role:
+ name: certbot
+ vars:
+ certificate_sans:
+ - example.com
+ - www.example.com
+ certificate_path: /etc/pki/tls/certs/example.com.crt
+ certificate_key_path: /etc/pki/tls/private/example.com.key
+ certificate_hook: systemctl reload httpd
+````
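Review bot: The Variables table does not say which variables are required. The `certificate_path` and `certificate_key_path` rows have an empty default while the heading says the role only "accepts" them, so a reader cannot tell what happens when they are left unset; mark them as required or document the fallback. In the same table, the `certificate_mode` row gives `0400` for "certificate files" without saying whether that covers the private key at `certificate_key_path` as well as the certificate, and the `certificate_owner` row has the same ambiguity; since these control who can read the key, spell out that both files are affected, or which one is. The `certificate_hook` row says the command is passed to `exec`; state whether shell syntax such as pipes or `&&` is supported, because the usage example only shows a single command (`systemctl reload httpd`). Two wording fixes: "exisiting" should be "existing" in the `certificate_use_apache` row, and "Path of store certificate file" in the `certificate_path` row reads like a typo for "Path to store certificate file". It would also help to note in the `certificate_size` row that it is ignored when `certificate_type` is left at its `ecdsa` default.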