Diffstat (limited to 'roles/certbot')
-rw-r--r-- | roles/certbot/README.md | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/certbot/README.md b/roles/certbot/README.md new file mode 100644 index 0000000..87e9aa1 --- /dev/null +++ b/roles/certbot/README.md @@ -0,0 +1,43 @@ +Certbot +======= + +Description +----------- + +The `certbot` role retrieves a TLS certificate from LetsEncrypt. + +Variables +--------- + +This role **accepts** the following variables: + +Variable | Default | Description +-------------------------|---------------------------------|------------ +`certificate_email` | `root@{{ email_domain }}` | LetsEncrypt contact email +`certificate_sans` | `{{ [ansible_fqdn] + cnames }}` | Subject Alternative Names +`certificate_type` | `ecdsa` | Either `ecdsa` or `rsa` +`certificate_size` | 2048 | RSA key size (bits) +`certificate_path` | | Path of store certificate file +`certificate_key_path` | | Path of certificate key file +`certificate_owner` | `root` | Owner of certificate files (or `owner:group`) +`certificate_mode` | 0400 | File mode of certificate files +`certificate_use_apache` | no | Use exisiting Apache server for ACME challenge +`certificate_hook` | | Command to `exec` after certificate renewal + +Usage +----- + +Example task: + +````yaml +- name: request public TLS certificate + include_role: + name: certbot + vars: + certificate_sans: + - example.com + - www.example.com + certificate_path: /etc/pki/tls/certs/example.com.crt + certificate_key_path: /etc/pki/tls/private/example.com.key + certificate_hook: systemctl reload httpd +```` |
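Review bot: In the Variables table, `certificate_path` and `certificate_key_path` have an empty Default and nothing says whether they are required or what the role does when they are unset; the example task sets both, so mark them as required or document the fallback. In the same table, "Path of store certificate file" looks like a typo for "stored", and "exisiting" in the `certificate_use_apache` row should be "existing". The `certificate_owner` and `certificate_mode` rows both refer to "certificate files"; since the private key has its own `certificate_key_path`, say explicitly whether the owner and the 0400 mode apply to the key file as well as the certificate. For `certificate_hook`, "Command to `exec`" suggests the string is not run through a shell; if so, note that pipes and redirections will not work in the hook value.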