{"id":17290964,"url":"https://github.com/jchristgit/ansible-role-nginx-letsencrypt","last_synced_at":"2026-03-19T00:34:04.407Z","repository":{"id":236710647,"uuid":"793009119","full_name":"jchristgit/ansible-role-nginx-letsencrypt","owner":"jchristgit","description":"Ansible role to configure NGINX hosts with Let's Encrypt on Debian-based systems","archived":false,"fork":false,"pushed_at":"2024-05-01T13:57:32.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-26T18:55:08.400Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jchristgit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-28T07:01:29.000Z","updated_at":"2024-05-01T13:57:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"19737c72-ce44-49e6-a9bd-48a436bcfe00","html_url":"https://github.com/jchristgit/ansible-role-nginx-letsencrypt","commit_stats":null,"previous_names":["jchristgit/ansible-role-nginx-letsencrypt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jchristgit/ansible-role-nginx-letsencrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jchristgit%2Fansible-role-nginx-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jchristgit%2Fansible-role-nginx-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jchristgit%2Fansible-role-nginx-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jchristgit%2Fansible-role-nginx-letsencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jchristgit","download_url":"https://codeload.github.com/jchristgit/ansible-role-nginx-letsencrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jchristgit%2Fansible-role-nginx-letsencrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28232392,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2026-01-07T02:00:05.975Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T10:39:32.313Z","updated_at":"2026-01-07T04:18:46.464Z","avatar_url":"https://github.com/jchristgit.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NGINX \u0026 Let's Encrypt Ansible Role\n\nThis role allows you to create SSL certificates for NGINX virtual hosts using\n`certbot` and its [Webroot\nplugin](https://eff-certbot.readthedocs.io/en/stable/using.html#webroot). This\nrole is only tested on Debian Stable.\n\n## Usage\n\nInclude the `nginx-letsencrypt` role in the `dependencies` of the role that\nneeds it to set up the webroot directory and a NGINX configuration dropin that\nyou can use in your HTTP vhosts. The added configuration file can be used in\nyour NGINX HTTP virtual host as follows:\n\n```nginx\nserver {\n    listen          80;\n    listen          [::]:80;\n\n    server_name     my-website;\n\n    include         letsencrypt.conf;  # \u003c--\n\n    location / {\n        return 301      https://my-website$request_uri;\n    }\n}\n```\n\nNote that the role itself, e.g. the `main` task and not the included task\ndescribed below, does not use any configuration parameters except for\n`nginx_letsencrypt_webroot_path`.\n\nTo fetch certificates, you first set up a HTTP vhost in your nginx\nconfiguration to serve as a webroot directory, reload nginx, include the\n`setup-certificate.yml` task, and then set up the HTTPS vhost:\n\n```yaml\n- name: set up nginx HTTP vhost\n  template:\n    src: my-website.http.conf.j2\n    dest: /etc/nginx/conf.d/my-website.http.conf\n    owner: root\n    group: root\n    mode: 0444\n  notify: reload nginx\n\n- meta: flush_handlers\n\n- name: get certificates\n  include_role:\n    name: nginx-letsencrypt\n    tasks_from: setup-certificate.yml\n  vars:\n    nginx_letsencrypt_email: mymail@example.com\n    nginx_letsencrypt_domains:\n      - example.com\n    # nginx_letsencrypt_agree_tos: true\n\n- name: set up nginx HTTPS vhost\n  template:\n    src: my-website.https.conf.j2\n    dest: /etc/nginx/conf.d/my-website.https.conf\n    owner: root\n    group: root\n    mode: 0444\n  notify: reload nginx\n```\n\nThe reason for splitting the HTTP and HTTPS vhosts is that if you were to\nconfigure both at the same time and try to reload nginx, it would fail on the\ninitial deploy due to the missing HTTPS certificate.\n\n## Configuration\n\n### Optional variables\n\n- `nginx_letsencrypt_agree_tos` (bool): Agree to the terms of service of Let's\n  Encrypt. This is `false` by default.\n\n- `nginx_letsencrypt_webroot_path` (string): Where to store the validation\n  files created by certbot. Defaults to `/var/www/_letsencrypt`.\n\n- `nginx_letsencrypt_domains` (list[string]): Domains for which to fetch\n  certificates. The first one is used as the name for certificates. Note that\n  subsequent updates of this list to add more domains will not work as expected,\n  as the role uses the presence of certificates under the first name to check\n  whether it needs to run `certbot`. Defaults to `[{{ ansible_fqdn }}`.\n\n- `nginx_letsencrypt_email` (string): Where to send certificate notices to.\n  Defaults to `webmaster@{{ nginx_letsencrypt_domains[0] }}` per [RFC\n  2142](https://www.rfc-editor.org/rfc/rfc2142).\n\n- `nginx_letsencrypt_reload_services` (list[string]): Which systemd services to\n  reload after certificate updates. Defaults to `[nginx]`.\n\n- `nginx_letsencrypt_reload_services` (list[string]): Which systemd services to\n  restart after certificate updates. Defaults to `[]`.\n\n\u003c!-- vim: set textwidth=80 sw=2 ts=2: --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjchristgit%2Fansible-role-nginx-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjchristgit%2Fansible-role-nginx-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjchristgit%2Fansible-role-nginx-letsencrypt/lists"}