Certbot
=======

Description
-----------

The `certbot` role retrieves a TLS certificate from Let's Encrypt.

Variables
---------

This role **accepts** the following variables:

Variable | Default | Description
-------------------------|---------------------------------|------------
`certificate_email` | `root@{{ email_domain }}` | Let's Encrypt contact email
`certificate_sans` | `{{ [ansible_fqdn] + cnames }}` | Subject Alternative Names
`certificate_type` | `ecdsa` | Either `ecdsa` or `rsa`
`certificate_size` | 2048 | RSA key size (bits)
`certificate_path` | | Path where the certificate file is stored
`certificate_key_path` | | Path where the certificate key file is stored
`certificate_owner` | `root` | Owner of certificate files (or `owner:group`)
`certificate_mode` | 0400 | File mode of certificate files
`certificate_use_apache` | no | Use existing Apache server for ACME challenge
`certificate_hook` | | Command to `exec` after certificate renewal

Usage
-----

Example task:
````yaml
- name: request public TLS certificate
  include_role:
    name: certbot
  vars:
    certificate_sans:
      - example.com
      - www.example.com
    certificate_path: /etc/pki/tls/certs/example.com.crt
    certificate_key_path: /etc/pki/tls/private/example.com.key
    certificate_hook: systemctl reload httpd
````