Skip to content
/ ansible-acmetool Public

An Ansible role for installing the acmetool Let's Encrypt client

License

AGPL-3.0 license
5 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

artefactual-labs/ansible-acmetool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
vars
vars
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ansible-acmetool

Installs acmetool and gets Let's Encrypt certificates (to /var/lib/acme/live).

acmetool is used in proxy mode for apache, and stateless mode for nginx ( ref. acmetool's user's guide )

Requirements

  • OS: ubuntu 14.04/16.04, Red Hat/CentOS 7
  • web server: apache or nginx

Example Playbook

    - hosts: servers
      roles:
        - { role: "ansible-acmetool", become: "yes" }
      vars:
        acmetool_websrv: "nginx"
        acmetool_responses_email: "[email protected]"
        acmetool_want: "www.example.com"

This will install acmetool to validate using nginx stateless mode, and then will run acmetool want www.example.com to get the certs and private key for the site www.example.com, which will be available to use by the web server at /var/lib/acme/live/www.example.com

Notes:

  1. This ansible role only deals with installing and running acmetool and getting the certs. You need to separately configure your web server to enable https for your site and to use the obtained certificates.

  2. In case multiple certs are required define acmetool_want as a list (one list item per cert). In case a cert is required for multiple sites, create one item with the site names separated by a space. Example:

    acmetool_want:
  - "www.example.com example.com"
  - "www.mysite.com"

This will get a cert valid for www.example.com and example.com and another cert valid for www.mysite.com

Notes for nginx stateless mode:

  1. This role will add and temporarily enable configuration for a site to get the initial LE certificate (the site is disabled by the role after getting the certs, the configuration file is kept (disabled) for reference in the directory /etc/nginx/conf.d/)

  2. The role creates file /etc/nginx/acmetool-location.conf, with configuration for a stateless ACME challenge location. Include this file in your site configuration, inside the server block along the other location definitions, in order for automated cert renewal to work, for example like this:

server {
        listen 80;

        root /usr/share/nginx/html;
        index index.html;
        server_name www.example.com;

        include /etc/nginx/acmetool-location.conf;    # ===> ADD THIS

        location / {
                try_files $uri $uri/ =404;
        }
...
...

License

BSD

Author Information

Artefactual Systems

About

An Ansible role for installing the acmetool Let's Encrypt client

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

5 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages