https://github.com/ryanreece/ansible-role-certbot
Ansible role for requesting SSL certificates from Let's Encrypt via Docker
- Host: GitHub
- URL: https://github.com/ryanreece/ansible-role-certbot
- Owner: ryanreece
- Created: 2024-03-03T23:38:19.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-04T04:36:13.000Z (over 2 years ago)
- Last Synced: 2025-03-06T00:26:01.216Z (over 1 year ago)
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Ansible Role Certbot
This Ansible role requests SSL certificates from Let's Encrypt using Docker and the Certbot Docker image, specifically for domains managed via DigitalOcean's DNS. The role will request a certificate for the apex domain name as well as the wildcard (`*.example.com`) domain name.
## Requirements
- Ansible 2.12 or newer.
- Docker installed on the target host.
- Access to a DigitalOcean account with API access for DNS verification.
## Role Variables
| Variable | Description | Default |
|-----------------------------|----------------------------------------------------|---------------------------------|
| `letsencrypt_email` | Email address used for Let's Encrypt registration. | `default_email@domain.com` |
| `digitalocean_secrets_file` | Path to the DigitalOcean secrets file. | `/path/to/default/secrets.ini` |
| `domain_name` | Domain name for the SSL certificate. | `example.com` |
| `docker_certbot_proxy_container` | Name of the proxy Docker container used to copy certificates from the cert volume to the host. | `certbot-proxy-container` |
| `docker_certbot_container` | Name of the Docker container handling the Let's Encrypt certbot process. | `certbot` |
| `docker_certs_volume` | Name of the Docker volume which will contain the SSL certificates. | `certs` |
| `ssl_certs_hosts_location` | Host machine location where certs will be saved. | `/tmp/` |
| `force_cert_copy` | Determines whether to copy the certs to the host regardless of whether the certs are eligible for renewal. | `False` |
## Example Playbook
An example of how to use this role in a playbook:
```yaml
- hosts: servers
  roles:
    - role: ansible_role_certbot
      vars:
        letsencrypt_email: name@example.com
        # DigitalOcean secrets file used for DNS verification
        digitalocean_secrets_file: ~/.secrets/certbot/digitalocean.ini
        # certificate is requested for example.com and *.example.com
        domain_name: example.com
        docker_certbot_proxy_container: docker-certbot-proxy-container
        docker_certbot_container: certbot
        docker_certs_volume: certs
        # host directory the certs are copied to
        ssl_certs_hosts_location: /tmp/
        # copy certs to the host even when they are not eligible for renewal
        force_cert_copy: True
```
### requirements.yml
```yaml
# requirements.yml
roles:
  - name: ansible_role_certbot
    src: https://github.com/ryanreece/ansible-role-certbot.git
    version: main
    scm: git
```
## To Do
- [ ] Add support for AWS Route53 managed domains
- [ ] Make releases for role versions.