{"id":13584487,"url":"https://github.com/thefinn93/ansible-letsencrypt","last_synced_at":"2025-04-04T21:08:51.171Z","repository":{"id":144972804,"uuid":"43218428","full_name":"thefinn93/ansible-letsencrypt","owner":"thefinn93","description":"An ansible role to generate TLS certificates and get them signed by Let's Encrypt","archived":false,"fork":false,"pushed_at":"2022-08-16T16:12:19.000Z","size":85,"stargazers_count":443,"open_issues_count":15,"forks_count":123,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-28T20:08:17.463Z","etag":null,"topics":["ansible","ansible-role","letsencrypt","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thefinn93.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-09-26T18:53:06.000Z","updated_at":"2025-02-20T18:49:10.000Z","dependencies_parsed_at":null,"dependency_job_id":"6809f064-0ad8-45d1-9457-3680a68f9ee7","html_url":"https://github.com/thefinn93/ansible-letsencrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thefinn93%2Fansible-letsencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thefinn93%2Fansible-letsencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thefinn93%2Fansible-letsencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thefinn93%2Fansible-lets
encrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thefinn93","download_url":"https://codeload.github.com/thefinn93/ansible-letsencrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247249526,"owners_count":20908212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","letsencrypt","tls-certificate"],"created_at":"2024-08-01T15:04:17.658Z","updated_at":"2025-04-04T21:08:51.153Z","avatar_url":"https://github.com/thefinn93.png","language":null,"funding_links":[],"categories":["Others","letsencrypt"],"sub_categories":[],"readme":"# ansible-letsencrypt\nAn ansible role to generate TLS certificates and get them signed by Let's Encrypt.\n\nThe role first attempts to use the `webroot` authenticator; if that fails to create certificates,\nit falls back to the standalone authenticator. This is handy for generating certs on a fresh machine before\nthe web server has been configured or even installed.\n\n# Supported platforms\n- Debian Jessie\n- Debian Stretch\n- Debian Buster\n- Ubuntu Xenial\n- Ubuntu Focal\n- Ubuntu Jammy\n\nOn other platforms this role will try to install letsencrypt using pip, which is not officially supported and may, at the least, break across upgrades.\n\nIf you test it on other platforms please let me know the results (positive or\notherwise) so I can document them here and/or fix the issue.\n\nRequires Ansible \u003e= 2.0\n\n# Usage\nFirst, read Let's Encrypt's TOS and EULA. 
Only proceed if you agree to them.\n\nThe following variables are available:\n\n`letsencrypt_webroot_path` is the root path that gets served by your web server. Defaults to `/var/www`.\n\n`letsencrypt_email` needs to be set to your email address. Let's Encrypt wants it. Defaults to `webmaster@{{ ansible_fqdn }}`. If you _really_ want to register without providing an email address, define the variable `letsencrypt_no_email`.\n\n`letsencrypt_rsa_key_size` lets you specify a size for the generated key.\n\n`letsencrypt_cert_domains` is a list of domains you wish to get a certificate for. It defaults to a single item with the value of `{{ ansible_fqdn }}`.\n\n`letsencrypt_install_directory` should probably be left alone, but if you set it, it will change where the letsencrypt program is installed.\n\n`letsencrypt_renewal_command_args` adds arguments to the `letsencrypt renewal` command that gets run using cron.  For example, use the renewal hooks to restart a web server.\n\n`letsencrypt_standalone_command_args` adds arguments to the standalone authentication method. This is mostly useful for specifying supported challenges, such as `--standalone-supported-challenges tls-sni-01` to limit the authentication to port 443 if something is already running on 80 or vice versa.\n\n`letsencrypt_server` sets the alternative auth server if needed. For example, during tests it's set to `https://acme-staging.api.letsencrypt.org/directory` to use the staging server (far higher rate limits, but certs are not trusted). It is not set by default.\n\n`ssl_certificate` and `ssl_certificate_key` symlink the certificates to the provided paths if both are set.\n\nThe [Let's Encrypt client](https://github.com/letsencrypt/letsencrypt) will put the certificate and accessories in `/etc/letsencrypt/live/\u003cfirst listed domain\u003e/`. 
For more info, see the [Let's Encrypt documentation](https://letsencrypt.readthedocs.org/en/latest/using.html#where-are-my-certificates).\n\n# Example Playbook\n```\n---\n - hosts: tls_servers\n   user: root\n   roles:\n     - role: letsencrypt\n       letsencrypt_webroot_path: /var/www/html\n       letsencrypt_email: user@example.net\n       letsencrypt_cert_domains:\n        - www.example.net\n        - example.net\n       letsencrypt_renewal_command_args: '--renew-hook \"systemctl restart nginx\"'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthefinn93%2Fansible-letsencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthefinn93%2Fansible-letsencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthefinn93%2Fansible-letsencrypt/lists"}