This repository has been archived by the owner on Jun 4, 2021. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch to certbot for letsencrypt certificates (#1668)
Modifies the lets-encrypt role to use certbot for certificate issuance and auto-renewal. Also upgrades to using Let's Encrypt's ACMEv2 server.
1 parent be8e7a1, commit 0130140
Showing 8 changed files with 112 additions and 86 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,20 @@ | ||
- name: "Add the APT key for acmetool; hiding 25 lines of log..." | ||
apt_key: | ||
id: 9862409EF124EC763B84972FF5AC9651EDB58DFA | ||
data: "{{ item }}" | ||
with_file: acmetool_ppa.pem | ||
no_log: True | ||
|
||
- name: Add the official acmetool repository | ||
- name: Enable the Universe repository | ||
apt_repository: | ||
repo: "deb http://ppa.launchpad.net/hlandau/rhea/{{ ansible_distribution|lower }} {{ ansible_lsb.codename }} main" | ||
repo: "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} universe" | ||
state: present | ||
register: le_add_apt_repository | ||
until: not le_add_apt_repository.failed | ||
retries: "{{ apt_repository_retries }}" | ||
delay: "{{ apt_repository_delay }}" | ||
|
||
- name: Install acmetool | ||
- name: Add the certbot PPA | ||
apt_repository: | ||
repo: "ppa:certbot/certbot" | ||
register: le_add_certbot_ppa | ||
until: not le_add_certbot_ppa.failed | ||
retries: "{{ apt_repository_retries }}" | ||
delay: "{{ apt_repository_delay }}" | ||
|
||
- name: Install certbot | ||
apt: | ||
package: acmetool | ||
package: certbot |
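Review bot: the new "Add the certbot PPA" task adds `ppa:certbot/certbot` without pinning a signing key, while the apt_key task this hunk drops fixed the acmetool key by its `id:` fingerprint. With the `ppa:` shorthand the key import is left implicit in apt_repository, so the playbook no longer states which key it trusts for the package that will manage the server's certificates and private key. Consider adding an apt_key task with the certbot PPA's fingerprint ahead of this task, as the old role did for acmetool. Two smaller points: the PPA task omits `state: present`, which the "Enable the Universe repository" task sets explicitly, and the Universe `repo:` line uses `http://`, so it depends entirely on APT's signed release metadata for integrity; a short comment saying so would help the next reader.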
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,9 @@ | ||
--- | ||
le_base: /var/lib/acme | ||
le_base: /etc/letsencrypt | ||
le_port: 80 | ||
le_api_endpoint: "https://acme-v01.api.letsencrypt.org/directory" | ||
le_certificate: "{{ le_base }}/live/{{ streisand_domain }}/fullchain" | ||
le_private_key: "{{ le_base }}/live/{{ streisand_domain }}/privkey" | ||
le_chain: "{{ le_base }}/live/{{ streisand_domain }}/chain" | ||
# RSA key size to request for SSL certificate | ||
le_rsa_key_size: 4096 | ||
le_api_endpoint: "https://acme-v02.api.letsencrypt.org/directory" | ||
le_certificate: "{{ le_base }}/live/{{ streisand_domain }}/fullchain.pem" | ||
le_private_key: "{{ le_base }}/live/{{ streisand_domain }}/privkey.pem" | ||
le_chain: "{{ le_base }}/live/{{ streisand_domain }}/chain.pem" |
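Review bot: `le_base` moves from `/var/lib/acme` to `/etc/letsencrypt` and the three file names gain a `.pem` suffix, so anything that reads the old locations directly instead of going through `le_certificate`, `le_private_key` and `le_chain` will point at files that no longer exist. Worth grepping the other roles and templates for `/var/lib/acme` and the unsuffixed `fullchain`, `privkey` and `chain` names before merging, and saying in the commit message whether a server provisioned with the old layout is expected to be re-provisioned. The comment above `le_rsa_key_size` could also be more exact: the value is the size of the RSA key pair generated for the certificate, and "TLS" would be more accurate than "SSL". Finally, `le_api_endpoint` is hard-wired to the production ACMEv2 directory; a note on how to override it for test runs would keep repeated provisioning from counting against production issuance.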