  • Stars: 437
  • Rank: 99,659 (Top 2 %)
  • License: GNU General Publi...
  • Created about 9 years ago
  • Updated over 2 years ago


ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt.

The role first tries the webroot authenticator: the client drops the challenge response into a directory that your existing web server already serves, and the CA fetches it over plain HTTP. If that fails to produce certificates, the role falls back to the standalone authenticator, in which the client itself listens on the challenge port for the duration of the validation. The fallback is handy for generating certs on a fresh machine before the web server has been configured or even installed, but it only works if that port is free, so nothing else may be bound to it at that moment.
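What the webroot authenticator actually writes into that directory, and what the CA then checks, as an added example in Python (this is not code from the role or from the Let's Encrypt client). It follows RFC 8555 (http-01 key authorization, sections 8.1 and 8.3) and RFC 7638 (JWK thumbprint). The account key is the public RSA JWK published as the test vector in RFC 7638 section 3.1, the token is a constructed sample, and the webroot is a temporary directory standing in for letsencrypt_webroot_path:

```python
"""ACME http-01 challenge placement and local verification.

Added example, not part of ansible-letsencrypt or of the Let's Encrypt client.
The CA requests http://<domain>/.well-known/acme-challenge/<token> on port 80 and
expects the body to be exactly  token "." thumbprint(account key).
"""
import base64
import hashlib
import json
import os
import re
import tempfile

# RFC 8555 8.3: a token is a base64url string without padding.  Anything else is
# rejected before it is used as a file name, otherwise a hostile token such as
# "../../x" would be written outside the challenge directory.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# Public RSA JWK from RFC 7638 section 3.1 (a published test vector, not a secret).
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aP"
         "FFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl9"
         "3lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdA"
         "ZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3"
         "XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
}


def is_valid_token(token):
    return bool(_TOKEN_RE.match(token))


def jwk_thumbprint(jwk):
    """RFC 7638: sha256 over the canonical JSON of the required public members only
    (for RSA: e, kty, n), keys sorted, no whitespace; base64url, no padding."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def key_authorization(token, account_jwk):
    """RFC 8555 8.1: keyAuthorization = token || '.' || thumbprint(accountKey)."""
    if not is_valid_token(token):
        raise ValueError("token is not base64url; refusing to use it as a path")
    return token + "." + jwk_thumbprint(account_jwk)


def place_challenge(webroot, token, account_jwk):
    """What the webroot authenticator does: write the key authorization to
    <webroot>/.well-known/acme-challenge/<token>.  Returns the path written."""
    body = key_authorization(token, account_jwk)      # validates the token first
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)
    return path


def check_challenge(webroot, token, account_jwk):
    """Local mirror of the CA's validation: read what would be served for the
    challenge URL and compare it with the expected key authorization.  Like the
    CA (RFC 8555 8.3) trailing whitespace in the body is ignored."""
    expected = key_authorization(token, account_jwk)
    path = os.path.join(webroot, ".well-known", "acme-challenge", token)
    try:
        with open(path, "r", encoding="ascii") as fh:
            served = fh.read().rstrip()
    except OSError:
        return False
    return served == expected


def roundtrip_in_tempdir(token, account_jwk, tamper=False):
    """Place and verify a challenge in a throwaway webroot.  Returns False for a
    rejected token or when the served body does not match (simulated by `tamper`)."""
    with tempfile.TemporaryDirectory() as webroot:
        try:
            path = place_challenge(webroot, token, account_jwk)
        except ValueError:
            return False
        if tamper:
            with open(path, "a", encoding="ascii") as fh:
                fh.write("x")
        return check_challenge(webroot, token, account_jwk)


if __name__ == "__main__":
    sample_token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"   # constructed sample
    print("thumbprint:", jwk_thumbprint(SAMPLE_JWK))
    print("key authorization:", key_authorization(sample_token, SAMPLE_JWK))
    print("roundtrip ok:", roundtrip_in_tempdir(sample_token, SAMPLE_JWK))
```

Run place_challenge against the real letsencrypt_webroot_path before the first issuance, then fetch http://<domain>/.well-known/acme-challenge/<token> with curl from outside: the body must come back unmodified over plain HTTP (no redirect to HTTPS, no dotfile rule hiding .well-known). If that fails, the role falls back to standalone and then needs port 80 free.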

Supported platforms

  • Debian Jessie
  • Debian Stretch
  • Debian Buster
  • Ubuntu Xenial
  • Ubuntu Focal
  • Ubuntu Jammy

On other platforms this role falls back to installing letsencrypt with pip. That path is not officially supported: the pip-installed client is not tracked by the distribution's package manager and may break across upgrades.

If you test it on other platforms please let me know the results (positive or otherwise) so I can document them here and/or fix the issue.

Requires Ansible >= 2.0

Usage

First, read Let's Encrypt's TOS and EULA. Only proceed if you agree to them.

The following variables are available:

letsencrypt_webroot_path is the root path that gets served by your web server. Defaults to /var/www.

letsencrypt_email needs to be set to your email address; Let's Encrypt uses it as the account contact. Defaults to webmaster@{{ ansible_fqdn }}. If you really want to register without providing an email address, define the variable letsencrypt_no_email. With no contact on the account nobody is notified about problems with it, so make sure the renewal cron job is monitored some other way.

letsencrypt_rsa_key_size sets the size in bits of the generated RSA private key. Leave it at the client's default unless you have a reason to change it; Let's Encrypt rejects RSA keys shorter than 2048 bits.

letsencrypt_cert_domains is a list of domains you wish to get a certificate for. It defaults to a single item with the value of {{ ansible_fqdn }}.

letsencrypt_install_directory should probably be left alone, but if you set it, it will change where the letsencrypt program is installed.

letsencrypt_renewal_command_args adds arguments to the letsencrypt renewal command that the role runs from cron. For example, use a renewal hook to reload the web server so it picks up the new certificate; without one the old certificate keeps being served until the next restart, which may be after it has expired.

letsencrypt_standalone_command_args adds arguments to the standalone authentication method. This is mostly useful for choosing the challenge type, such as --standalone-supported-challenges tls-sni-01 to validate on port 443 when something else already owns port 80, or the reverse. Note that Let's Encrypt retired the tls-sni-01 challenge in 2019, so that particular value no longer works against the production CA; with current clients the standalone authenticator answers http-01 on port 80, so that port has to be free (or forwarded) whenever the role falls back to it. Check which options the installed client version still accepts.

letsencrypt_server sets an alternative ACME directory URL if needed. During the role's tests it is set to https://acme-staging.api.letsencrypt.org/directory to use the staging server, which has far higher rate limits but issues certificates from an untrusted test root. It is not set by default. Note that this is the ACME v1 endpoint, which Let's Encrypt has since shut down; the current staging directory is https://acme-staging-v02.api.letsencrypt.org/directory. Use staging while you are debugging a playbook, since repeated failed attempts against production count against the per-domain rate limits.

ssl_certificate and ssl_certificate_key, if both are set, make the role symlink the issued certificate and private key to those paths (handy when a web server config already expects them somewhere else). A symlink does not change who may read the target: the key under /etc/letsencrypt stays readable only by root, so the web server must open it while it still runs as root before dropping privileges, which nginx and Apache do.

The Let's Encrypt client puts the certificate and its companions in /etc/letsencrypt/live/<first listed domain>/: cert.pem, chain.pem, fullchain.pem and privkey.pem, each a symlink to the current version under /etc/letsencrypt/archive/. Point the web server at fullchain.pem and privkey.pem, not at cert.pem alone, or clients that do not have the intermediate cached will fail to build the chain. For more info, see the Let's Encrypt documentation.
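A post-deploy check of that directory, added here as an example (not part of the role or of the Let's Encrypt client). It assumes the certbot layout described above. The sample directory it builds is constructed in a temp dir with placeholder PEM bodies rather than real keys or certificates, and example.net is a stand-in name:

```python
"""Audit a /etc/letsencrypt/live/<name>/ directory after the role has run.

Added example, not part of ansible-letsencrypt.  Checks that the four expected
files exist and resolve, look like PEM, and that privkey.pem is not readable by
group or other (the web server must read it as root, not via a loosened mode).
"""
import os
import stat
import tempfile

# The files the client keeps per certificate name; each is a symlink into archive/.
LIVE_FILES = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")


def audit_live_dir(live_dir, require_root_owner=True):
    """Return a list of findings; an empty list means the directory passes."""
    findings = []
    for name in LIVE_FILES:
        path = os.path.join(live_dir, name)
        if not os.path.exists(path):            # False for a dangling symlink too
            findings.append(f"{name}: missing or dangling symlink")
            continue
        real = os.path.realpath(path)
        st = os.stat(real)
        with open(real, "rb") as fh:
            head = fh.read(64)
        if name == "privkey.pem":
            if b"PRIVATE KEY-----" not in head:
                findings.append("privkey.pem: does not look like a PEM private key")
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:                     # any group/other bit set
                findings.append(f"privkey.pem: mode {oct(mode)} lets group or other read the key")
            if require_root_owner and st.st_uid != 0:
                findings.append("privkey.pem: not owned by root")
        elif not head.startswith(b"-----BEGIN CERTIFICATE-----"):
            findings.append(f"{name}: does not look like a PEM certificate")
    return findings


def symlink_resolves_to(link, target):
    """True if `link` (e.g. the role's ssl_certificate path) ends up at `target`."""
    return os.path.islink(link) and os.path.realpath(link) == os.path.realpath(target)


def make_sample_live_dir(key_mode=0o600, drop=None):
    """Build a constructed certbot-like layout under a fresh temp dir and return the
    live/example.net path.  PEM bodies are placeholders, not real material.
    `drop` names an archive file to delete so that its live symlink dangles."""
    base = tempfile.mkdtemp()
    archive = os.path.join(base, "archive", "example.net")
    live = os.path.join(base, "live", "example.net")
    os.makedirs(archive)
    os.makedirs(live)
    cert = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDERNOTAREALCERT\n-----END CERTIFICATE-----\n"
    bodies = {
        "cert1.pem": cert,
        "chain1.pem": cert,
        "fullchain1.pem": cert + cert,
        "privkey1.pem": b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDERNOTAREALKEY\n-----END PRIVATE KEY-----\n",
    }
    for fname, body in bodies.items():
        with open(os.path.join(archive, fname), "wb") as fh:
            fh.write(body)
    os.chmod(os.path.join(archive, "privkey1.pem"), key_mode)
    if drop:
        os.remove(os.path.join(archive, drop))
    for name in LIVE_FILES:
        # certbot's links are relative, e.g. ../../archive/example.net/cert1.pem
        target = os.path.join("..", "..", "archive", "example.net", name.replace(".pem", "1.pem"))
        os.symlink(target, os.path.join(live, name))
    return live


if __name__ == "__main__":
    weak = make_sample_live_dir(key_mode=0o644)
    for finding in audit_live_dir(weak, require_root_owner=False):
        print("FAIL", finding)
    print("clean layout findings:", audit_live_dir(make_sample_live_dir(), require_root_owner=False))
```

On a real host run audit_live_dir("/etc/letsencrypt/live/<first listed domain>") as root, and symlink_resolves_to(ssl_certificate_key, ".../privkey.pem") when the role was told to create those symlinks. Anything reported about privkey.pem is worth fixing before the web server is pointed at the files.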

Example Playbook

---
 - hosts: tls_servers
   user: root
   roles:
     - role: letsencrypt
       letsencrypt_webroot_path: /var/www/html
       letsencrypt_email: [email protected]
       letsencrypt_cert_domains:
        - www.example.net
        - example.net
       letsencrypt_renewal_command_args: '--renew-hook "systemctl restart nginx"'

More Repositories

1. signald: An API for Signal. This repo is a mirror, please send issues and contributions to GitLab (Java, 150 stars)
2. signal-weechat: Use signal in weechat (Python, 71 stars)
3. domain-availability: A simple UI to check the availability of domains with Namecheap's API (JavaScript, 32 stars)
4. cjdns-php-gui: A nice GUI for editing cjdroute.conf - also horribly insecure (JavaScript, 17 stars)
5. cjdnsAvahi: Automatically connect with cjdns peers on the LAN, courtesy of avahi/zeroconf (Python, 14 stars)
6. munin-plugins: Some munin plugins I wrote (Python, 12 stars)
7. webhook-receiver: Receives webhooks and executes commands. (Python, 9 stars)
8. hyperboria-radar: The code that powers #radar (Python, 7 stars)
9. cjdns-docker: Mostly playing with docker. A simple docker image thing that runs cjdns (Shell, 6 stars)
10. ansible-cowrie: a simple role to install cowrie ssh honeypot (6 stars)
11. OpenVPN-Config-Splitter: Parse an inline OpenVPN config, move all the bits into a folder and generate an importable config. (Python, 5 stars)
12. eddystone-uid-linux: Create Eddystone UID beacons with a bluetooth dongle on a linux box (Python, 5 stars)
13. ipvfoo: A fork of http://ipvfoo.googlecode.com, modified to show when Hyperboria as well as IPv4/IPv6 (JavaScript, 5 stars)
14. curses-peerstats: Peer stats from cjdns using blessed/blessed-contrib (JavaScript, 4 stars)
15. GNOME-trimet: A GNOME panel applet to track Trimet arrivals (Python, 4 stars)
16. cjdns-uri (Python, 4 stars)
17. EasyPush (JavaScript, 3 stars)
18. BuildbotStatusShields: Give buildbot awsum status shields (Python, 3 stars)
19. privacyidea-docker: A docker image to run privacyidea. (Python, 3 stars)
20. udmx.js: A Javascript library to interact with a uDMX-based USB DMX controller (JavaScript, 3 stars)
21. domainchecker: SSL Labs test for other stuff. Modular. Plan is to have a reddit bot. (Python, 2 stars)
22. peer-by-email: A tool to generate cjdns peering credentials for people who email it. (JavaScript, 2 stars)
23. CCC-torrent-feed: Scrapes the public CCC RSS feeds and turns out feeds with .torrent links (Python, 2 stars)
24. JustChat-web: JustChat Web Services (Java, 2 stars)
25. ansible-cjdns-module: An ansible module to configure cjdns (Python, 2 stars)
26. fusionpbx-ansible: You probably shouldn't use this, at least not yet (Shell, 2 stars)
27. cjdns-vagrant: A Vagrantfile and scripts to start vagrant boxes with cjdns (Ruby, 2 stars)
28. piston: Push notifications as a service (Python, 1 star)
29. Seattle911: A Supybot plugin (Python, 1 star)
30. pyingress: python library to interact with the Ingress game (Python, 1 star)
31. clink-scraper: Scrape data about availability of centurylink service off their horrible website. (Python, 1 star)
32. alcatel-onetouch-utils: Utilities for interacting with Alcatel OneTouch devices (Python, 1 star)
33. push: simple push service using GCM (JavaScript, 1 star)
34. JustChat: A crappy, securish chat app. (Java, 1 star)
35. urbanmaps: maps of urban things (CSS, 1 star)
36. weechat-scripts: This is a collection of scripts I've written for Weechat. (Python, 1 star)
37. MAXS-module-camera: A MAXS (http://projectmaxs.org) module to use the cameras (Java, 1 star)
38. VersionCheck: Supybot plugin to harass people who have old versions of cjdns. Requirements: cjdns, requests (Python, 1 star)
39. CSS342-Lab5: The horrid thing (C++, 1 star)
40. USB2HDCAPS-python: Some python code for interfacing with the USB2HDCAPS hardware platform. (Python, 1 star)
41. Minecraft-Installer-for-Ubuntu: A simple minecraft installer for Ubuntu. (Shell, 1 star)
42. router-config: Some config files from my home router. (Python, 1 star)
43. CSS432-Final-Project: Our final project for CSS432 (Network Design). Implements a simple rock, paper scissors network game (Python, 1 star)
44. cjdnsscripts: Various scripts for and relating to cjdns. (Python, 1 star)
45. Triangles: Fucking triangles (Java, 1 star)