This is an Ansible role for reloading services that use certificates from Let's Encrypt after the certificates have been renewed. For everything related to the creation of the certificates, see the inofix.acme-* roles. The main role, which also has the details in its README, is inofix.ansible-acme-setup.
Currently supported are:
- HTTP
  - Apache
  - NGINX
- IMAP/POP
  - Dovecot
- SMTP
  - Postfix
- XMPP
  - Prosody
This role is meant to be run on any host that needs certificates (that is, any host that runs an SSL service with certificates from Let's Encrypt).
Why do we not use one of the existing roles?
- For the first reason, read the section "Promise" below. We need something reliable.
- This role will be used by maestro and must follow the logic used there. (Of course, the role can also be used without maestro.)
preSTABLE (Feature-Freeze/RC)
Sure, this role may change in the future, but we will only extend its features in ways that do not break backwards compatibility.
If radical changes should become necessary, a new role will be created, probably with an 'ng' or version suffix.
- Ansible >2.0
- Python2/3 on target host
- Generic UNIX with FHS
- Sudo
- Systemd (per default)
- app__acme__user - optional, default='acme'
- app__acme__group - optional, default='acme'
- app__acme__config_dir - optional, default='/etc/ssl/acme'
- app__acme__service_dir - optional, default='{{ app__acme__config_dir }}/service'
- app__acme__service_name - optional, default='apache'
- app__acme__log_dir - optional, default='/var/log/acme'
- inofix.acme-setup
- hosts: servers
  roles:
    - inofix.acme-service
(See inofix.acme-setup)
GPLv3
- Michael Lustenberger at inofix.ch