Manage SSL certificates via Certbot / Let's Encrypt.
This role has been tested under Debian Buster. Other OSes might work as well.
Set the e-mail address for obtaining a certificate (certbot: --email).
Example:
certbot_email: webmaster@example.com
The certbot_certificates dictionary defines which certificates to create.
Each key is the certificate name (certbot: --cert-name), which can be a domain.
Each value is a list of domains to be included in that certificate.
Example:
certbot_certificates:
  example.com:
    - example.com
    - www.example.com
The command to run after a successful certificate installation or renewal
(certbot: --deploy-hook).
Example:
certbot_deploy_hook: systemctl restart nginx.service
Force renewal of certificates, even if not due yet (certbot: --force-renewal).
If you want to add or remove a certificate's domain, or update the deploy hook,
you have to run certbot with forced renewal once.
This ensures that the certificate and its configuration get updated.
Example:
certbot_force_renewal: yes
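A pre-flight check for the case described above, as an added example that is not part of this role: it parses the output of `certbot certificates` and lists the existing certificates whose domains differ from certbot_certificates, i.e. the ones that need one run with certbot_force_renewal. The sample output is constructed, the function names are hypothetical, and it assumes that certificates not yet present on the host are issued on a normal run.

```python
import re

# Constructed sample of `certbot certificates` output (not captured from a real host).
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: example.com
    Domains: example.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
  Certificate Name: mail.example.com
    Domains: mail.example.com smtp.example.com
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
"""


def parse_certificates(output):
    """Map each certificate name to the set of domains it currently covers."""
    certs, current = {}, None
    for line in output.splitlines():
        name = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        domains = re.match(r"\s*Domains:\s*(.+)", line)
        if name:
            current = name.group(1)
            certs[current] = set()
        elif domains and current is not None:
            certs[current] = set(domains.group(1).split())
    return certs


def needs_forced_run(desired, installed):
    """Names of existing certificates whose domain set differs from the desired one."""
    return sorted(
        name
        for name, domains in desired.items()
        # Assumption: a certificate that does not exist yet needs no forced run.
        if name in installed and set(domains) != installed[name]
    )


if __name__ == "__main__":
    # Hypothetical desired state, in the shape of certbot_certificates.
    desired = {
        "example.com": ["example.com", "www.example.com"],
        "mail.example.com": ["smtp.example.com", "mail.example.com"],
    }
    for name in needs_forced_run(desired, parse_certificates(SAMPLE_OUTPUT)):
        print(f"{name}: domains changed, run once with certbot_force_renewal: yes")
```

Remember to set certbot_force_renewal back afterwards, so that later runs do not renew certificates that are not due.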
None.
---
- hosts: all
  roles:
    - role: bjoernalbers.certbot
      certbot_email: webmaster@example.com
      certbot_certificates:
        example.com:
          - example.com
          - www.example.com
      certbot_deploy_hook: systemctl restart nginx.service
This Ansible role is released under the MIT License.