Generate SSL certificates
sbesson Merge pull request #12 from manics/readme
Add/fix vars to README
Latest commit 6fb0e97 Mar 19, 2019

SSL Certificates


Manage SSL certificates for web-servers.

Optionally generate self-signed SSL certificates for internal testing.

Role Variables

Defaults: defaults/main.yml

Optional variables:

  • ssl_certificate_public_path: Server path to SSL public certificate
  • ssl_certificate_intermediate_path: Server path to SSL intermediate certificate(s)
  • ssl_certificate_bundled_path: Server path to SSL bundled public and intermediate certificates (e.g. for Nginx)
  • ssl_certificate_key_path: Server path to SSL certificate key
  • ssl_certificate_combined_path: Server path to SSL combined certificate and key (e.g. for Haproxy), set to empty to disable
  • ssl_certificate_public_content: Text content of the certificate, for instance from vault
  • ssl_certificate_intermediate_content: Text content of the intermediate certificate(s)
  • ssl_certificate_key_content: Text content of the certificate key
  • ssl_certificate_selfsigned_create: Create a self-signed certificate if necessary, default True
  • ssl_certificate_selfsigned_subject: Self-signed certificate subject
  • ssl_certificate_selfsigned_days: Self-signed certificate validity (days)


This role notifies the listener "ssl certificate changed" whenever it changes a certificate or key file. Use it to trigger a restart of any services that depend on the certificates.

Example Playbooks

Create a self-signed certificate with defaults and restart Nginx (assumed to be already installed and configured):

- hosts: all
  roles:
    - role: ssl-certificate
  handlers:
    # Runs whenever the role reports that a certificate or key changed
    - name: restart nginx
      listen: ssl certificate changed
      service:
        name: nginx
        state: restarted

Install certificates stored locally on machine running Ansible:

- hosts: all
  roles:
    - role: ssl-certificate
      # Files are read on the machine running Ansible, not on the target host
      ssl_certificate_public_content: "{{ lookup('file', '/path/to/server.crt') + '\n' }}"
      ssl_certificate_key_content: "{{ lookup('file', '/path/to/server.key') + '\n' }}"
      ssl_certificate_selfsigned_create: False

Note: the newline appended to each lookup result works around an Ansible bug.
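A check for the files written to ssl_certificate_bundled_path and ssl_certificate_combined_path, as an added example that is not part of this role: it flags PEM inputs joined without a newline, and a private key that ends up in a certificate-only bundle. It assumes those files are plain concatenations of the PEM inputs; lint_pem, sample_block and the sample blocks are hypothetical names and constructed data.

```python
import base64
import re

# One PEM block; the label must be identical in the BEGIN and END lines.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----$",
    re.DOTALL | re.MULTILINE)
# END and BEGIN markers on one line: an input was appended without a newline.
FUSED = re.compile(r"-----END [A-Z0-9 ]+-----[ \t]*-----BEGIN ")


def lint_pem(text, kind):
    """Return problems found in a PEM file.

    kind: 'bundled' (certificates only) or 'combined' (certificates + one key).
    """
    problems = []
    if FUSED.search(text):
        problems.append("END and BEGIN markers share a line")
    if not text.endswith("\n"):
        problems.append("file does not end with a newline")
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label} block is not valid base64")
    keys = sum(1 for name in labels if name.endswith("PRIVATE KEY"))
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    if kind == "bundled" and keys:
        problems.append("private key inside a certificate-only bundle")
    if kind == "combined" and keys != 1:
        problems.append(f"expected exactly one private key, found {keys}")
    return problems


def sample_block(label, payload):
    """Build a constructed PEM block (placeholder bytes, no real key material)."""
    data = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{data}\n-----END {label}-----"


CERT = sample_block("CERTIFICATE", b"constructed leaf certificate")
CHAIN = sample_block("CERTIFICATE", b"constructed intermediate")
KEY = sample_block("PRIVATE KEY", b"constructed private key")

if __name__ == "__main__":
    print(lint_pem(CERT + CHAIN, "bundled"))              # inputs without newline
    print(lint_pem(CERT + "\n" + CHAIN + "\n", "bundled"))  # newline restored
```

Run it against the deployed files after the role has applied; an empty list means the structure is what Nginx or Haproxy expects, not that the certificate chain itself is valid.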

Author Information
