Ansible role to manage letsencrypt certs with acme tool

Ansible Galaxy MIT License

Acmetool LE client

Install and configure the acmetool LE client.

Currently, this role is designed to work with the do1jlr.nginx Ansible role. Maybe there will be a standalone version of this role someday...

Variables

  • acme_notification_email: (Default: root@example.org): LE account email. The default needs to be changed!

  • acme_reload_services: (Default: []): Services that need a reload on certificate change (some services are pre-defined in the files/reload file)

  • acme_restart_services: (Default: []): Services that need a restart on certificate change

  • submodules_versioncheck: (Default: false): Enable a basic version check (true is recommended)

Files

  • We search for response-file.yml.j2 using the first_found lookup with the following config:
  files:
    - "response-file.{{ inventory_hostname }}.yml.j2"
    - 'response-file.yml.j2'
  paths:
    - 'templates/acmetool'
    - "templates/{{ inventory_hostname }}"
    - 'files/acmetool'
    - "files/{{ inventory_hostname }}"
    - 'templates'

This file configures acmetool's behaviour, such as certificate type, challenge method, ACME notification email and so on. Change the values by providing your own response-file.yml.j2.

  • We search for the reload and restart hooks using the first_found lookup with the config defined in vars/main.yml.

  • We deploy the acme-reload and acme-restart configuration based on the acme_reload_services: and acme_restart_services: variables.
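The search order for the response file above decides which ACME settings actually reach a host, so here is a simplified model of it as an added example (not code from this role or from Ansible). It assumes all paths resolve relative to one base directory, and the hostnames and directory tree are constructed; the candidate order follows the first_found lookup, which tries every file name in one path before moving to the next path.

```python
import os
import tempfile

# Search config copied from the README above.
FILES = ["response-file.{{ inventory_hostname }}.yml.j2", "response-file.yml.j2"]
PATHS = [
    "templates/acmetool",
    "templates/{{ inventory_hostname }}",
    "files/acmetool",
    "files/{{ inventory_hostname }}",
    "templates",
]


def candidates(inventory_hostname):
    """Return candidate paths in the order the lookup tries them (path-major)."""
    def render(text):
        return text.replace("{{ inventory_hostname }}", inventory_hostname)
    return [os.path.join(render(p), render(f)) for p in PATHS for f in FILES]


def first_found(base_dir, inventory_hostname):
    """Return the first candidate that exists under base_dir, else None."""
    for rel in candidates(inventory_hostname):
        if os.path.isfile(os.path.join(base_dir, rel)):
            return rel
    return None


def demo():
    """Resolve two constructed hosts against a constructed directory tree."""
    tree = (
        "templates/acmetool/response-file.yml.j2",  # generic override
        "templates/web1.example.org/response-file.web1.example.org.yml.j2",
        "templates/response-file.yml.j2",  # generic file in the last path
    )
    with tempfile.TemporaryDirectory() as base:
        for rel in tree:
            full = os.path.join(base, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return (first_found(base, "web1.example.org"),
                first_found(base, "db1.example.org"))


if __name__ == "__main__":
    # Both hosts get the generic file from templates/acmetool: it shadows the
    # host-specific template stored under templates/web1.example.org.
    print(demo())
```

To make a per-host response file win over a generic one, place it in a path that comes earlier in the list, for example templates/acmetool with the host-specific file name.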

References

Good to know

If you are using Debian buster, you are probably interested in a more up-to-date version of acmetool. Have a look at the do1jlri.acmetool_fix role, which installs a specific version of acmetool on Debian-based systems.

Testing

We use the following GitHub Actions for testing and releasing to Ansible Galaxy.

Action Status Marketplace
Ansible Lint check ansible-lint
Galaxy release publish-ansible-role-to-galaxy
Yamllint GitHub Actions yamllint-github-action