Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/telekom-mms/ansible-collection-acme
An Ansible collection for issuing certificates via the ACME protocol.
acme ansible ansible-collection letsencrypt
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/telekom-mms/ansible-collection-acme
- Owner: telekom-mms
- License: gpl-3.0
- Created: 2020-11-02T14:37:20.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-28T00:35:20.000Z (9 months ago)
- Last Synced: 2024-05-02T00:45:46.220Z (9 months ago)
- Topics: acme, ansible, ansible-collection, letsencrypt
- Language: Shell
- Homepage:
- Size: 259 KB
- Stars: 47
- Watchers: 8
- Forks: 9
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
README
# ACME Collection for Ansible
This collection manages ACME certificates.
## Requirements
* Ansible >= 2.9
* Python >= 3 (if you want to use http-challenge via S3)
## Installation
These modules are distributed as [collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html).
To install them, run:
```bash
ansible-galaxy collection install telekom_mms.acme
```
Alternatively put the collection into a `requirements.yml`-file:
```yaml
---
collections:
- telekom_mms.acme
```
## Usage
Role `acme` for issuing certificates from a certificate authority which implements the ACME protocol.
Please see [documentation](docs/role-acme.md) for variables, usage and further information for all the different providers.
## Testing
We automatically test key-creation and csr-creation, the `local` http-provider and test the challenge with the local pebble provider.
Automatically testing the various dns-challenge providers is hard, because we'd need to maintain accounts and zones on them (and pay for them). We'd also need to store credentials in CI which is a security risk.
Here we list ways to manually test the dns-providers if you have access:
* Hetzner
```
ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-hetzner.yml -e acme_hetzner_auth_token=YOUR_AUTH_TOKEN -e hetzner_domain_name="example.com" -e hetzner_zone="example.com"
```
* Domain-Offensive
```
ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-domain-offensive.yml -e acme_dns_password=YOUR_DO_AUTH_TOKEN -e domain_offensive_zone="example.com" -e domain_offensive_domain_name="example.com"
```
## License
GPLv3
## Author Information
* Sebastian Gumprich
* Andreas Hering