JamesChevalier/a5d78be0febfe505a7e5
Last active May 24, 2016 20:16
Ansible role to install, run, and schedule Let's Encrypt
```ini
# template file
# Use a 4096 bit RSA key instead of 2048
# rsa-key-size = 4096
# Register with the specified e-mail address
email = {{ server_admin_email }}
# Generate certificates for the specified domains
domains = {{ domain_name }}
# Use a text interface instead of ncurses
text = True
# Automatically agree to the Terms of Service
agree-tos = True
# Run the app so it knows to renew existing certificates
renew-by-default = True
```
```yaml
# host_vars file
---
ansible_ssh_user: USER_NAME_HERE
domain_name: DOMAIN_NAME_HERE
server_admin_email: EMAIL_ADDRESS_HERE
```
```yaml
# task file
---
# Fetch the client into the deploy user's home directory
- name: clone the letsencrypt repository
  git: repo=https://github.com/letsencrypt/letsencrypt dest=/home/{{ ansible_ssh_user }}/letsencrypt
  sudo: no
  tags:
    - letsencrypt

- name: create letsencrypt configuration directory
  file: path=/etc/letsencrypt owner=root group=root mode=0775 state=directory
  sudo: yes
  tags:
    - letsencrypt

# Render the template file to the path passed to letsencrypt-auto with -c
- name: copy over letsencrypt configuration file
  template:
    src: etc_letsencrypt_cli_ini.j2
    dest: /etc/letsencrypt/cli.ini
    owner: root
    group: root
    mode: 0644
  sudo: yes
  tags:
    - letsencrypt

- name: run letsencrypt
  command: '/home/{{ ansible_ssh_user }}/letsencrypt/letsencrypt-auto -c /etc/letsencrypt/cli.ini certonly --apache'
  sudo: no
  tags:
    - letsencrypt

# special_time=monthly already runs on the first day of each month; the cron
# module does not accept special_time together with explicit time fields such
# as day, so day=1 is dropped.
- name: add a cron job to renew letsencrypt certificate monthly
  cron: name='renew letsencrypt' special_time=monthly user={{ ansible_ssh_user }} job='/home/{{ ansible_ssh_user }}/letsencrypt/letsencrypt-auto -c /etc/letsencrypt/cli.ini certonly --apache'
  sudo: yes
  tags:
    - letsencrypt
```