The Ansible role for generating Let's Encrypt certificates.
- 🔐 Ability to generate single certificates for specific domains/subdomains
- 🔐 Ability to generate wildcard certificates using settings for the corresponding DNS provider
- ⚡️️ Automatically renew certificates every month
- 🔧 Generated certificates are stored in the directory `/etc/letsencrypt/live/{{app_domain}}`, where `app_domain` is the name of the domain/subdomain for which the certificates were generated, and are ready for use with any HTTP server

Available variables:

Name | Default | Description |
---|---|---|
`use_dns_plugin` | `no` | Use a certbot DNS provider plugin (use this if you need a wildcard certificate) or certbot itself. |
`certbot_version` | `latest` | Version of certbot or of the certbot DNS plugin (if `use_dns_plugin` is `yes`), see other versions here |
`dns_plugin` | `cloudflare` | DNS plugin that will be used with certbot (when `use_dns_plugin` is `yes`), list of plugins can be found here |
`email` | Email that will be used for notifications | Email that will be used for notifications |
`domains_list` | `- "{{ ansible_fqdn }}"` | List of domains for which you want to get certificates |

Additional variables for Cloudflare

Name | Default | Description |
---|---|---|
`dns_email` | `""` | DNS email |
`dns_api_key` | `""` | DNS API key |

Additional variables for CloudXNS

Name | Default | Description |
---|---|---|
`dns_api_key` | `""` | DNS API key |
`dns_secret_key` | `""` | DNS secret key |

Additional variables for DigitalOcean

Name | Default | Description |
---|---|---|
`dns_token` | `""` | DNS token |

Additional variables for DNSimple

Name | Default | Description |
---|---|---|
`dns_token` | `""` | DNS token |

Additional variables for DNS Made Easy

Name | Default | Description |
---|---|---|
`dns_api_key` | `""` | DNS API key |
`dns_secret_key` | `""` | DNS secret key |

Additional variables for Linode

Name | Default | Description |
---|---|---|
`dns_key` | `""` | DNS key |

Additional variables for LuaDNS

Name | Default | Description |
---|---|---|
`dns_email` | `""` | DNS email |
`dns_token` | `""` | DNS token |

Additional variables for NS1

Name | Default | Description |
---|---|---|
`dns_api_key` | `""` | DNS API key |

Additional variables for OVH

Name | Default | Description |
---|---|---|
`dns_endpoint` | `""` | DNS endpoint |
`dns_application_key` | `""` | DNS application key |
`dns_application_secret` | `""` | DNS application secret |
`dns_consumer_key` | `""` | DNS consumer key |

Additional variables for RFC 2136

Name | Default | Description |
---|---|---|
`dns_server` | `""` | Target DNS server |
`dns_port` | `""` | Target DNS port |
`dns_name` | `""` | TSIG key name |
`dns_secret` | `""` | TSIG key secret |
`dns_algorithm` | `""` | TSIG key algorithm |

Additional variables for Route 53

Name | Default | Description |
---|---|---|
`dns_access_key_id` | `""` | DNS access key id |
`dns_secret_access_key` | `""` | DNS secret access key |

Docker must be installed on the server in order to use this role. If you don't have Docker on your server, we recommend the angstwad.docker_ubuntu Ansible role.

Example of using angstwad.docker_ubuntu:

```yaml
---
- name: Setup server
  hosts: server
  become: true
  roles:
    - { role: angstwad.docker_ubuntu }
```

Example of the playbook file:

```yaml
---
- name: Setup server
  hosts: server
  become: true
  roles:
    - role: auxilincom.letsencrypt
      # The DNS plugin is needed for the wildcard domain below
      use_dns_plugin: yes
      certbot_version: v0.26.1
      dns_plugin: cloudflare
      email: ship@test.com
      domains_list:
        - "*.ship.com"
      # Cloudflare-specific variables
      dns_email: ship_dns@test.com
      dns_api_key: 0123456789abcdef0123456789abcdef01234567
```
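
The same playbook with the Cloudflare credentials read from an Ansible Vault file and a post-run check of the issued certificate and its private key. This is an added example, not part of the role's own documentation. It assumes a vault-encrypted `vault.yml` defining `vault_dns_email` and `vault_dns_api_key` (hypothetical names), the `community.crypto` collection on the controller, the Python `cryptography` library on the server, and that certbot names the live directory `ship.com` for the `*.ship.com` wildcard.

```yaml
---
# Added example; vault.yml, vault_dns_* and cert_dir are assumed names, not role variables.
- name: Issue a wildcard certificate without plaintext DNS credentials
  hosts: server
  become: true
  vars_files:
    # Encrypt once with: ansible-vault encrypt vault.yml
    # The file defines vault_dns_email and vault_dns_api_key.
    - vault.yml
  vars:
    # Assumed: certbot names the live directory after the domain without "*."
    cert_dir: /etc/letsencrypt/live/ship.com
  roles:
    - role: auxilincom.letsencrypt
      use_dns_plugin: yes
      certbot_version: v0.26.1
      dns_plugin: cloudflare
      email: ship@test.com
      domains_list:
        - "*.ship.com"
      dns_email: "{{ vault_dns_email }}"
      dns_api_key: "{{ vault_dns_api_key }}"
  post_tasks:
    - name: Read the issued leaf certificate
      community.crypto.x509_certificate_info:
        path: "{{ cert_dir }}/cert.pem"
        valid_at:
          # Assumed margin; tune it to the renewal schedule in use
          in_two_weeks: "+14d"
      register: cert_info

    - name: Inspect the private key file behind the symlink
      ansible.builtin.stat:
        path: "{{ cert_dir }}/privkey.pem"
        follow: true
      register: key_stat

    - name: Fail the play if the certificate or key is not in the expected state
      ansible.builtin.assert:
        that:
          - not cert_info.expired
          - cert_info.valid_at.in_two_weeks
          - "'DNS:*.ship.com' in cert_info.subject_alt_name"
          - key_stat.stat.exists
          - not key_stat.stat.roth
          - not key_stat.stat.woth
        fail_msg: Certificate is near expiry, lacks the wildcard name, or its key is world-accessible
```

Run it with `ansible-playbook --ask-vault-pass` so the API key is decrypted only at run time and never sits in the repository in clear text.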
This project adheres to Semantic Versioning. Every release is documented on the GitHub Releases page.
Ansible-letsencrypt is released under the MIT License.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Thanks goes to these wonderful people (emoji key):
Evgeny Zhivitsa 📖 🤔 💻 |
Andrew Orsich 🤔 👀 |
This project follows the all-contributors specification. Contributions of any kind welcome!