Add documentation about certificate renewal

ganto · Sep 1, 2016 · d882475 · d882475
1 parent c4746f1
commit d882475
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/docs/getting-started.rst b/docs/getting-started.rst
@@ -116,6 +116,18 @@ role, the individual configurations could be defined in separate "domain"
 files (e.g. :file:`/etc/ansible/vars/<domain>.yml`) and then passed with the
 Ansible ``--extra-vars`` argument to the playbook execution.
 
+Such a variable file would look like this:
+
+.. code-block:: yaml
+
+    ---
+    #
+    # acme_tiny role configuration for: mydomain.com
+    #
+
+    acme_tiny__domain: [ 'mydomain.com', 'www.mydomain.com' ]
+    acme_tiny__cert_type: 'nginx'
+
 ..
  Local Variables:
  mode: rst

diff --git a/docs/system-configuration.rst b/docs/system-configuration.rst
@@ -134,6 +134,22 @@ Postfix
 Certificate renewal
 -------------------
 
+After adding a new domain the role has to be run once with ``root``
+privileges. Among other things this will create a separate user account
+``certbot`` which can be used to schedule unattended certificate renewals.
+
+.. note:: See :ref:`acme_tiny_ref_example_inventory` for an example how to
+          create a role configuration.
+
+Here an example of a :program:`cron` job (:file:`/etc/cron.d/acme-tiny`)
+which whould renew the certificate every month:
+
+.. code-block:: console
+
+    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+    @monthly certbot /usr/bin/ansible-playbook -e @/etc/ansible/vars/mydomain.com.yml /etc/ansible/playbooks/acme_tiny.yml >/dev/null
+
 ..
  Local Variables:
  mode: rst