{"id":18906535,"url":"https://github.com/claranet/ansible-role-certbot","last_synced_at":"2025-04-15T04:31:38.547Z","repository":{"id":40245517,"uuid":"436943630","full_name":"claranet/ansible-role-certbot","owner":"claranet","description":"Install and manage certbot","archived":false,"fork":false,"pushed_at":"2024-07-05T07:29:52.000Z","size":56,"stargazers_count":5,"open_issues_count":0,"forks_count":3,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-03-28T00:34:31.141Z","etag":null,"topics":["ansible","certbot","claranet","role"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/claranet.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-12-10T10:46:50.000Z","updated_at":"2024-11-26T11:51:48.000Z","dependencies_parsed_at":"2024-03-26T17:52:51.303Z","dependency_job_id":null,"html_url":"https://github.com/claranet/ansible-role-certbot","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-certbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-certbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-certbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/claranet%2Fansible-role-certbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/claranet","downloa
d_url":"https://codeload.github.com/claranet/ansible-role-certbot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249006449,"owners_count":21197279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","certbot","claranet","role"],"created_at":"2024-11-08T09:16:41.223Z","updated_at":"2025-04-15T04:31:38.164Z","avatar_url":"https://github.com/claranet.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible role - certbot\n[![Maintainer](https://img.shields.io/badge/maintained%20by-claranet-e00000?style=flat-square)](https://www.claranet.fr/)\n[![License](https://img.shields.io/github/license/claranet/ansible-role-certbot?style=flat-square)](LICENSE)\n[![Release](https://img.shields.io/github/v/release/claranet/ansible-role-certbot?style=flat-square)](https://github.com/claranet/ansible-role-certbot/releases)\n[![Status](https://img.shields.io/github/actions/workflow/status/claranet/ansible-role-certbot/molecule.yml?style=flat-square\u0026label=tests\u0026branch=main)](https://github.com/claranet/ansible-role-certbot/actions?query=workflow%3A%22Ansible+Molecule%22)\n[![Ansible version](https://img.shields.io/badge/ansible-%3E%3D2.10-black.svg?style=flat-square\u0026logo=ansible)](https://github.com/ansible/ansible)\n[![Ansible Galaxy](https://img.shields.io/badge/ansible-galaxy-black.svg?style=flat-square\u0026logo=ansible)](https://galaxy.ansible.com/claranet/certbot)\n\n\n\u003e :star: Star us on GitHub — it motivates us a lot!\n\nInstall and manage certbot\n\n## 
:warning: Requirements\n\nAnsible \u003e= 2.10\n\n## :zap: Installation\n\n```bash\nansible-galaxy install claranet.certbot\n```\n\n## :gear: Role variables\n\nVariable | Default value | Description\n---------|---------------|------------\ncertbot_packages                          | **['certbot', 'python3-pip']**     | Package name\ncertbot_webroot                           | **/var/www/letsencrypt**           | Directory for http challenges\ncertbot_auto_renew                        | **true**                           | Enable certificate renew\ncertbot_auto_renew_user                   | **root**                           | User to configure certificate renew\ncertbot_auto_renew_hour                   | **3**                              | Cron job hour for renew\ncertbot_auto_renew_minute                 | **30**                             | Cron job minutes for renew\ncertbot_auto_renew_option                 | **--quiet --no-self-upgrade**      | Options for renew command\ncertbot_certs                             | **[]**                             | See defaults/main.yml for details\ncertbot_staging_enabled                   | **true**                           | Use letsencrypt staging\ncertbot_create_command                    | **certbot certonly --webroot ...** | See defaults/main.yml for details\ncertbot_plugins                           | **[]**                             | List of plugins to install using pip\ncertbot_plugins_pip_executable            | **pip3**                           | pip executable to use to install certbot plugins\ncertbot_reload_services_before_enabled    | **true**                           | Reload `certbot_reload_services` before configuring certbot\ncertbot_reload_services_after_enabled     | **true**                           | Reload `certbot_reload_services` after configuring certbot\ncertbot_reload_services                   | **[]**                             | List of services to reload\n\n## 
:arrows_counterclockwise: Dependencies\n\nN/A\n\n## HTTP-01 Challenge\n\n:warning: To use the HTTP-01 challenge, you must use only the webroot plugin (default behavior).\n\nBefore using this challenge type, your server must have a public IP and a DNS record pointing to it.\n\n### Webserver Setup\n\nBefore configuring certbot to issue a certificate, you must set up your webserver to handle certbot HTTP challenges.\n\n#### Apache2\n\n```apache\nAlias /.well-known/acme-challenge/ \"/var/www/letsencrypt/.well-known/acme-challenge/\"\n\u003cDirectory \"/var/www/letsencrypt\"\u003e\n    AllowOverride None\n    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec\n    Require all granted\n\u003c/Directory\u003e\n```\n\n```yaml\ncertbot_certs:\n  - email: \"test@clara.net\"\n    certbot_webroot: \"/var/www/letsencrypt\"\n    domains:\n      - \"lamp-01.clara.net\"\n      - \"lamp-02.clara.net\"\ncertbot_reload_services:\n  - apache2\n```\n\n#### Nginx\n\n```nginx\nlocation /.well-known/acme-challenge/ {\n    alias /var/www/letsencrypt/.well-known/acme-challenge/;\n}\n```\n\n```yaml\ncertbot_certs:\n  - email: \"test@clara.net\"\n    certbot_webroot: \"/var/www/letsencrypt\"\n    domains:\n      - \"lamp-01.clara.net\"\n      - \"lamp-02.clara.net\"\ncertbot_reload_services:\n  - nginx\n```\n\n## DNS-01 Challenge\n\n:warning: For a wildcard certificate, you have to use the `--cert-name` option like this to avoid creating a new certificate on each Ansible run:\n\n```\n--cert-name \"{{ _certbot_cert_item.domains | first | regex_replace('^\\*\\.(.*)$', 'wildcard.\\1') }}\"\n```\n\n### Route53 example\n\n```yaml\ncertbot_certs:\n- email: \"test@clara.net\"\n  domains:\n    - \"*.molecule.clara.net\"\n- email: \"test@clara.net\"\n  domains:\n    - \"lamp-01.clara.net\"\n    - \"lamp-02.clara.net\"\n\ncertbot_reload_services:\n  - nginx\n\ncertbot_create_command: \u003e-\n  certbot certonly --dns-route53\n  {{ '--staging --break-my-certs' if certbot_staging_enabled else '' }}\n  --noninteractive 
--agree-tos\n  --email {{ _certbot_cert_item.email | default(certbot_admin_email) }}\n  --cert-name \"{{ _certbot_cert_item.domains | first | regex_replace('^\\*\\.(.*)$', 'wildcard.\\1') }}\"\n  --expand\n  -d {{ _certbot_cert_item.domains | join(',') }}\n\ncertbot_plugins:\n  - certbot-dns-route53==1.22.0\n```\n\n## :pencil2: Example Playbook\n\n```yaml\n---\n- hosts: all\n  roles:\n    - claranet.certbot\n```\n\n## :closed_lock_with_key: [Hardening](HARDENING.md)\n\n## :heart_eyes_cat: [Contributing](CONTRIBUTING.md)\n\n## :copyright: [License](LICENSE)\n\n[Mozilla Public License Version 2.0](https://www.mozilla.org/en-US/MPL/2.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaranet%2Fansible-role-certbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclaranet%2Fansible-role-certbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclaranet%2Fansible-role-certbot/lists"}