https://github.com/cinnion/ansible-role-letsencrypt-ca

An ansible role for pushing the Let's Encrypt root certificates to hosts
https://github.com/cinnion/ansible-role-letsencrypt-ca

ansible ansible-role certbot devops sssd

Last synced: 2 months ago
JSON representation

An ansible role for pushing the Let's Encrypt root certificates to hosts

• Host: GitHub
• URL: https://github.com/cinnion/ansible-role-letsencrypt-ca
• Owner: cinnion
• License: apache-2.0
• Created: 2018-12-09T11:54:35.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2024-10-10T20:33:56.000Z (over 1 year ago)
• Last Synced: 2025-05-24T18:41:55.702Z (about 1 year ago)
• Topics: ansible, ansible-role, certbot, devops, sssd
• Size: 19.5 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Ansible Role: Let's Encrypt CA root certificates

An Ansible Role which installs the Let's Encrypt CA certificates to hosts,

rebuilds the SSL CA certificate bundle, and then restarts the SSSD process on

RHEL hosts.

For the actual distribution of certificates for services, see my [letsencrypt-certs](https://github.com/cinnion/letsencrypt-certs)

role.

## Requirements

This role has been developed using Ansible 2.9, and presently only works with

RHEL/CentOS/Rocky 6.x through 9.x.

It requires downloading the CA certificates for Let's Encrypt from their

[Chain of Trust](https://letsencrypt.org/certificates/) page and placing them

in the `files` directory of this role, with their extension changed to just 

'.pem'

N.B.: At this time, the certificates being pushed are the

* The ISRG Root X1 (self-signed) certificate.

* The Let’s Encrypt Authority X3 (IdenTrust cross-signed) certificate

* Let’s Encrypt Authority X3 (IdenTrust cross-signed)

A future version may include automatically downloading these files, or

may just include them as a part of the role source, if no issues with copyright

are found.

## Role Variables:

The following platform-specific variables are defined in the files under the

`vars` directory (see `vars/RedHat.yml`).

    ca_trusted_dir: /etc/pki/ca-trust/source/anchors

The directory where CA certificates are placed for incorporation into the

CA bundle.

    ca_update_command: update-ca-trust

The command to be run to rebuild the CA bundle.

## Dependencies

None.

## Example Playbook

```

    ---

    - hosts: all

      roles:

        - { role: letsencrypt-ca }

    ...

```

## License

This software is open-sourced software licensed under the

[Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0).

## Author Information

This role was created 2018 Dec 1 by [Douglas Needham](https://www.ka8zrt.com/).