{"id":18914828,"url":"https://github.com/cinnion/ansible-role-letsencrypt-certs","last_synced_at":"2026-04-26T22:31:08.903Z","repository":{"id":151471429,"uuid":"161135663","full_name":"cinnion/ansible-role-letsencrypt-certs","owner":"cinnion","description":"An Ansible Role which allows for maintaining SSL certificates via certbot or other clients on a single administrative machine, and pushing them to the servers.","archived":false,"fork":false,"pushed_at":"2024-10-10T20:53:09.000Z","size":14,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-24T18:41:55.497Z","etag":null,"topics":["ansible","ansible-role","devops"],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cinnion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-10T07:36:21.000Z","updated_at":"2024-10-10T20:53:12.000Z","dependencies_parsed_at":"2024-11-08T10:12:59.609Z","dependency_job_id":"ff3cc65f-3546-45bc-8e49-00c00c90bfc7","html_url":"https://github.com/cinnion/ansible-role-letsencrypt-certs","commit_stats":null,"previous_names":["cinnion/ansible-role-letsencrypt-certs"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cinnion/ansible-role-letsencrypt-certs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cinnion%2Fansible-role-letsencrypt-certs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cinnion%2Fansible-role-letsencrypt-certs/tag
s","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cinnion%2Fansible-role-letsencrypt-certs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cinnion%2Fansible-role-letsencrypt-certs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cinnion","download_url":"https://codeload.github.com/cinnion/ansible-role-letsencrypt-certs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cinnion%2Fansible-role-letsencrypt-certs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32315711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T21:09:39.134Z","status":"ssl_error","status_checked_at":"2026-04-26T21:09:21.240Z","response_time":129,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","devops"],"created_at":"2024-11-08T10:13:02.527Z","updated_at":"2026-04-26T22:31:08.885Z","avatar_url":"https://github.com/cinnion.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# letsencrypt-certs\n\nAn Ansible Role which allows for maintaining SSL certificates via\ncertbot or other clients on a single administrative machine, and\npushing them to the servers.\n\nWith redundant servers becoming a norm even for small businesses, it\nis not unheard of to want to have the same 
certificate installed on a\nservice running on two, three or more servers for load balancing or\navailability purposes. However, when combined with services such as\n[Let's Encrypt](https://letsencrypt.org)'s CA authority and clients\nsuch as certbot, there is still a disconnect when it comes to\ncertificate maintenance. The certificates need to be renewed at a\nsingle point of authority and distributed from there. And that is\nwhere this role comes onto the stage.\n\n## Requirements\n\nThis role has been developed using Ansible 2.9, and presently only\nworks with RHEL/CentOS/Rocky between 6.x and 9.x. Adapting it to other\ndistros, or even other OSes should not be an issue; it is just that I\ndo not presently use anything else.\n\nIt also does not address the setup/execution of a client such as\n[certbot](https://certbot.eff.org/), nor does it address the initial\n\"installation\" of the certificates and the software configuration\nwhich goes with it. It merely consolidates the renewal into one\nlocation where the certificates can be easily backed up, and where a\nsingle renewal for shared certificates can take place.\n\nN.B. There is a near-term goal of hopefully adding support for the following:\n\n* DELL DRAC 5 (using racadm)\n* FreeBSD\n  - FreeNAS\n  - OPNSense\n\n## Role Variables:\n\n**NOTE:** This role uses the [ansible-merge-vars plugin](https://github.com/leapfrogonline/ansible-merge-vars)\nto handle variables coming from the host variables as well as group variables\nfor an indeterminate number of groups. 
So for example, where\n`certificates__to_merge` is used, this could also include variables such as\n`ldap_certificates__to_merge` and `web_certificates__to_merge`, which will be\nmerged within the role, rather than having one variable which gets overwritten.\n\nSo, if a host has:\n\n        certificates__to_merge:\n            - certificate-a\n            - certificate-b\n\nand one group to which it belongs has:\n\n        ldap_certificates__to_merge:\n            - certificate-c\n\nand a second group has:\n\n        web_certificates__to_merge:\n            - certificate-b\n            - certificate-d\n\nThese will be combined into the variable `certificates`, which would be the same\nas (order possibly varying):\n\n        certificates:\n            - certificate-a\n            - certificate-b\n            - certificate-c\n            - certificate-d\n\n-----\n\nThe following host/group-specific variables are used, and are defined either in\nthe host variables, or in the variables for associated groups.\n\n\n        certificates__to_merge:\n           - www.example.com\n\nor\n\n        certificates__to_merge:\n          - www.example.com\n          - foo.example.net\n\nDefines the certificates to be distributed to a given host and/or group, merging\nas discussed above. It may be defined in any location where host/group variables\nmay be defined. *The values given must be a list.*\n\n\n        certificate_services__to_merge:\n            - httpd\n\nor\n\n        ldap_certificate_services__to_merge:\n            - slapd\n\nThe list of services which will be restarted if a new certificate is pushed to\nthe host. If no services are defined, then a default of `httpd` is used, but it should be\nnoted that if any service is specified in either the host or group variables and\n`httpd` is needed, it must be explicitly specified.\n\n**NOTE:** At this point, pushing a certificate for one service will result in\nall services which use certificates being restarted. 
So the above would be\ncombined into the internal `certificate_services` variable, and `slapd` would be\nrestarted even if just a certificate associated with a web server was pushed.\n\n## Dependencies\n\n- [ansible-merge-vars](https://github.com/leapfrogonline/ansible-merge-vars)\n\n## Example Playbooks\n\nSee the examples found in the `examples` directory.\n\n## License\n\nThis software is open-sourced software licensed under the\n[Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0).\n\n## Author Information\n\nThis role was created 2018 Dec 1 by [Douglas Needham](https://www.ka8zrt.com/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcinnion%2Fansible-role-letsencrypt-certs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcinnion%2Fansible-role-letsencrypt-certs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcinnion%2Fansible-role-letsencrypt-certs/lists"}