Generate and/or deploy SSL certificate
Available on Ansible Galaxy: jdauphant.ssl-certs
- hosts: all
roles:
- jdauphant.ssl-certs
This will create certificate and private key in:
/etc/ssl/myserver.mydomain.com.key
/etc/ssl/myserver.mydomain.com.pem
- hosts: all
roles:
- role: jdauphant.ssl-certs
ssl_certs_common_name: "example.com"
The certificate has to be placed in files/ssl/example.com.key
and files/ssl/example.com.pem
. If
they don't exist, they will be generated as a self-signed certificate at
/etc/ssl/example.com.key
and /etc/ssl/example.com.key
using the provided common name.
- hosts: all
roles:
- role: jdauphant.ssl-certs
ssl_certs_local_privkey_path: '/path/to/example.com.key'
ssl_certs_local_cert_path: '/path/to/example.com.pem'
An SSL certificate and key are just text that can be stored as a variable, which is useful when using ansible vault.
Example variable data, note how the text blob is indented. This is needed to correctly insert the text via the template module.
ssl_certs_local_privkey_data: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
-----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
-----BEGIN CERTIFICATE-----
MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
SEfYSaGPvfIlSuHIshno
-----END CERTIFICATE-----
Then simply include the role as in the first example.
Example to use this role with my Nginx role: jdauphant.nginx
- hosts: all
roles:
- jdauphant.ssl-certs
ssl_certs_generate_dh_param: true
- role: jdauphant.nginx
nginx_configs:
ssl:
- ssl_certificate_key {{ssl_certs_privkey_path}}
- ssl_certificate {{ssl_certs_cert_path}}
- ssl_dhparam {{ssl_certs_dhparam_path}}
nginx_sites:
default:
- listen 443 ssl
- server_name _
- root "/usr/share/nginx/html"
- index index.html