{"id":21163524,"url":"https://github.com/punktde/ansible-proserver-dehydrated","last_synced_at":"2026-02-13T15:29:02.645Z","repository":{"id":139102540,"uuid":"109403482","full_name":"punktDe/ansible-proserver-dehydrated","owner":"punktDe","description":"Ansible role to configure dehydrated on a proServer.","archived":false,"fork":false,"pushed_at":"2023-10-09T08:00:36.000Z","size":56,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-01-21T09:48:47.129Z","etag":null,"topics":["ansible","dehydrated","letsencrypt","proserver"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/punktDe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-03T14:13:37.000Z","updated_at":"2023-08-04T13:57:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"4bbe0639-12d9-49ad-b0d6-9381e0828580","html_url":"https://github.com/punktDe/ansible-proserver-dehydrated","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-dehydrated","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-dehydrated/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-dehydrated/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-dehydrated/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/punktDe","download_url":"https://codeload.github.com/punktDe/ansible-proserver-dehydrated/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243609265,"owners_count":20318763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","dehydrated","letsencrypt","proserver"],"created_at":"2024-11-20T13:48:21.550Z","updated_at":"2026-02-13T15:29:02.637Z","avatar_url":"https://github.com/punktDe.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_ANSIBLE_DOCS --\u003e\n\u003c!--\nDo not edit README.md directly!\n\nThis file is generated automatically by aar-doc and will be overwritten.\n\nPlease edit meta/argument_specs.yml instead.\n--\u003e\n# ansible-proserver-dehydrated\n\ndehydrated role for Proserver\n\n## Supported Operating Systems\n\n- Debian 12\n- Ubuntu 24.04, 22.04\n- FreeBSD [Proserver](https://infrastructure.punkt.de/de/produkte/proserver.html)\n\n## Role Arguments\n\n\n\nConfigures dehydrated ACME client for automatic SSL certificate management\n\nSupports Let's Encrypt and other ACME-compatible CAs\n\nHandles domain certificate generation and renewal\n\nSupports ACME-DNS and ACME-Cache for DNS-01 challenges\n\n#### Options for `dehydrated`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `prefix` | Path prefixes for different components | dict of 'prefix' options | no |  |\n| `config` | Dehydrated configuration parameters | dict of 'config' options | no |  |\n| `domains` | Domains to request certificates for. Key is the Common Name, value is list of Subject Alternative Names. Example: ``` vpro0000.proserver.punkt.de: [] punkt.de: ['www.punkt.de', 'proserver.punkt.de'] ``` | dict | no | \"{}\" |\n| `acme_dns` | ACME-DNS configuration for DNS-01 challenges. Maps domain names to acme-dns server configuration. | dict of 'acme_dns' options | no | {} |\n| `acme_cache` | ACME-Cache configuration for DNS-01 challenges. Maps domain names to acme-cache server configuration. | dict of 'acme_cache' options | no | {} |\n| `command` | Command to run dehydrated (cron job or systemd service). Should start the dehydrated certificate renewal process. | str | no | systemctl start dehydrated (Linux) or custom cron (FreeBSD Proserver) |\n| `httpd_service` | HTTP service configuration for certificate deployment | dict of 'httpd_service' options | no |  |\n| `hooks` | Custom hook scripts for certificate lifecycle events | dict of 'hooks' options | no | Empty dict with all hook types |\n| `systemd` | Systemd timer configuration | dict of 'systemd' options | no |  |\n| `disable_renewal` | Disable automatic certificate renewal for all domains | bool | no | no |\n| `do_not_renew` | Domains to exclude from renewal | dict | no | \"{}\" |\n| `provide_dummy_cert` | Provide dummy self-signed certificates initially | bool | no | yes |\n| `dummy_cert` | PEM-encoded self-signed certificate content (for initial use before ACME issuance) | str | no | Built-in self-signed certificate |\n| `dummy_key` | PEM-encoded private key for dummy certificate | str | no | Built-in private key |\n\n#### Options for `dehydrated.prefix`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `bin` | Path to dehydrated binary directory | str | no | /usr/bin (Linux) or /usr/local/bin (FreeBSD Proserver) |\n| `certs` | Path to store certificates | str | no | /var/lib/dehydrated/certs (Linux) or /usr/local/etc/ssl/certs (FreeBSD Proserver) |\n| `config` | Path to dehydrated configuration directory | str | no | /etc/dehydrated (Linux) or /usr/local/etc/dehydrated (FreeBSD Proserver) |\n\n#### Options for `dehydrated.config`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `CA` | ACME server directory URL | str | no | https://acme-v02.api.letsencrypt.org/directory |\n| `WELLKNOWN` | Path to ACME challenge directory (http-01) | str | no | /var/lib/dehydrated/acme-challenges (Linux) or /var/www/letsencrypt (FreeBSD Proserver) |\n| `HOOK` | Path to dehydrated hook script | str | no | /etc/dehydrated/hook.sh (Linux) or /usr/local/etc/dehydrated/hook.sh (FreeBSD Proserver) |\n\n#### Options for `dehydrated.acme_dns`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `\u003cdomain_name\u003e` | Configuration for specific domain | dict of '\u003cdomain_name\u003e' options | no |  |\n\n#### Options for `dehydrated.acme_dns.\u003cdomain_name\u003e`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `host` | ACME-DNS server hostname | str | no |  |\n| `public_key` | Public SSH host key of ACME-DNS server | str | no |  |\n\n#### Options for `dehydrated.acme_cache`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `\u003cdomain_name\u003e` | Configuration for specific domain | dict of '\u003cdomain_name\u003e' options | no |  |\n\n#### Options for `dehydrated.acme_cache.\u003cdomain_name\u003e`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `host` | ACME-Cache server hostname | str | no |  |\n| `public_key` | Public SSH host key of ACME-Cache server | str | no |  |\n\n#### Options for `dehydrated.httpd_service`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `name` | Name of HTTP service to reload after certificate update. Automatically determined based on ansible_facts['system'] and group membership. | str | no | apache2 (Linux+Apache), apache24 (BSD+Apache), nginx (other) |\n| `state` | State action for HTTP service after certificate update | str | no | reloaded |\n\n#### Options for `dehydrated.hooks`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `deploy_challenge` | Scripts to run when deploying challenge | dict | no | \"{}\" |\n| `clean_challenge` | Scripts to run when cleaning challenge | dict | no | \"{}\" |\n| `sync_cert` | Scripts to run when syncing certificate | dict | no | \"{}\" |\n| `deploy_cert` | Scripts to run when deploying certificate | dict | no | \"{}\" |\n| `deploy_ocsp` | Scripts to run when deploying OCSP response | dict | no | \"{}\" |\n| `unchanged_cert` | Scripts to run when certificate is unchanged | dict | no | \"{}\" |\n| `invalid_challenge` | Scripts to run on invalid challenge | dict | no | \"{}\" |\n| `request_failure` | Scripts to run on request failure | dict | no | \"{}\" |\n| `generate_csr` | Scripts to run when generating CSR | dict | no | \"{}\" |\n| `startup` | Scripts to run on startup | dict | no | \"{}\" |\n| `exit` | Scripts to run on exit | dict | no | \"{}\" |\n\n#### Options for `dehydrated.systemd`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `timer` | Systemd OnCalendar specification for certificate renewal | str | no | *-*-* 00:00:00 with RandomizedDelaySec=6h |\n\n## Dependencies\nNone.\n\n## Installation\nAdd this role to the requirements.yml of your playbook as follows:\n```yaml\nroles:\n  - name: ansible-proserver-dehydrated\n    src: https://github.com/punktDe/ansible-proserver-dehydrated\n```\n\nAfterwards, install the role by running `ansible-galaxy install -r requirements.yml`\n\n## Example Playbook\n\n```yaml\n- hosts: all\n  roles:\n    - name: dehydrated\n```\n\n\u003c!-- END_ANSIBLE_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpunktde%2Fansible-proserver-dehydrated","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpunktde%2Fansible-proserver-dehydrated","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpunktde%2Fansible-proserver-dehydrated/lists"}