How to use this plugin from pip and ansible #32

Open
Synchro opened this issue Nov 29, 2021 · 1 comment

Synchro commented Nov 29, 2021

This is just to help others that try to do this and have run into issues with certbot snap installation. I was trying to come up with a clean install method to use with ansible, and I've got it working successfully with this config (on Ubuntu):

```yaml
- name: Install certbot system dependencies
  ansible.builtin.apt:
    package:
      - python3
      - python3-virtualenv
      - libaugeas0
    state: present
    update_cache: yes
  tags: certbot

- name: Install certbot from pip
  ansible.builtin.pip:
    name: certbot
    virtualenv: /opt/certbot
  tags: certbot

- name: Link certbot into path
  ansible.builtin.file:
    src: /opt/certbot/bin/certbot
    dest: /usr/bin/certbot
    state: link
  tags: certbot

- name: Install certbot gandi DNS plugin
  ansible.builtin.pip:
    name: certbot-plugin-gandi
    virtualenv: /opt/certbot
  tags: gandi
```

This installs using virtualenv, as the EFF recommends, but this means that the gandi plugin needs to be installed in the same virtualenv, or certbot won't see it. HTH.
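A verification step for the point above, as an added example that is not part of the original comment: these tasks check that the `certbot` on the path is the virtualenv binary and that it can load the plugin. The paths come from the tasks above; the assumption is that `certbot plugins` lists the plugin under the name `dns-gandi`, the authenticator name used elsewhere in this thread.

```yaml
# Added example, not from the thread. /opt/certbot and /usr/bin/certbot come
# from the tasks above; matching "dns-gandi" in the output is an assumption.
- name: Resolve the certbot found on PATH
  ansible.builtin.stat:
    path: /usr/bin/certbot
  register: certbot_link
  tags: gandi

- name: Fail if PATH certbot is not the virtualenv binary
  ansible.builtin.assert:
    that:
      - certbot_link.stat.exists
      - certbot_link.stat.islnk
      - certbot_link.stat.lnk_source == '/opt/certbot/bin/certbot'
    fail_msg: /usr/bin/certbot does not point into /opt/certbot
  tags: gandi

# pip show exits non-zero when the package is absent from this virtualenv.
- name: Confirm the plugin package is inside the virtualenv
  ansible.builtin.command: /opt/certbot/bin/pip show certbot-plugin-gandi
  changed_when: false
  tags: gandi

- name: List the plugins certbot itself can load
  ansible.builtin.command: /usr/bin/certbot plugins
  register: certbot_plugins
  changed_when: false
  tags: gandi

- name: Fail if the Gandi authenticator is not registered
  ansible.builtin.assert:
    that:
      - "'dns-gandi' in certbot_plugins.stdout"
    fail_msg: >-
      certbot does not list dns-gandi; install certbot-plugin-gandi into
      /opt/certbot, not into the system Python.
  tags: gandi
```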


drzraf commented Jan 18, 2022

```yaml
- copy:
    dest: "/etc/letsencrypt/gandi.ini"
    owner: root
    group: root
    mode: 0400
    content: "dns_gandi_api_key={{ api_key }}"

- docker_container:
    image: certbot/certbot
    name: certbot_gandi
    state: started
    auto_remove: no
    cleanup: yes
    detach: no
    debug: yes
    volumes:
      - "/etc/letsencrypt:/etc/letsencrypt"
      - "/var/log/letsencrypt:/var/log/letsencrypt"
    entrypoint: /bin/sh
    command: "-c 'pip install certbot-plugin-gandi && certbot certonly --noninteractive --agree-tos --email {{ email }} --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d {{ domains | join(',') }}'"

- cron:
    name: Certbot automatic renewal.
    cron_file: "certbot"
    job: "docker run -v /etc/letsencrypt:/etc/letsencrypt -v /var/log/letsencrypt:/var/log/letsencrypt --entrypoint /bin/sh  certbot/certbot -c 'pip install certbot-plugin-gandi && certbot renew --quiet --no-self-upgrade  --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini'"
    minute: '22'
    hour: '15'
    user: foo
```

(Note: It'd be so much better if certbot-plugin-gandi were either bundled in certbot/certbot or if an official standalone Docker image existed.)
