jaywink / Ansible Letsencrypt

Ansible role for LetsEncrypt

Ansible LetsEncrypt

A role to automate LetsEncrypt certificates.

Stability: beta.

Ansible version required: 2.x

What does it do?

This role will pull in the official Certbot client, install it and issue or renew a certificate with your chosen domain.

Functionality as follows:

  • Tested on Ubuntu 14.04 and Debian 8, Debian 9
  • One domain per role include only
  • Runs in certonly mode only

PRs that add more functionality are welcome.

Installation

You can install the role directly from Galaxy as follows:

ansible-galaxy install jaywink.letsencrypt

Details

Certbot client location and version

Ubuntu 14.04, Debian 8
  • The client will be installed in /opt/certbot as root
  • Each run will pull in the Certbot client code from a proven release version. You can set a specific Certbot version using the variable letsencrypt_certbot_version.
Debian 9
  • The client will be installed via APT into the standard platform location according to the latest version in the repositories.

Things to know

  • A list of services to be stopped before and (re-)started after obtaining a new certificate can be configured using the variable letsencrypt_pause_services.

  • certonly mode is used, which means no automatic web server installation

  • After the certificate is issued, you can find it in /etc/letsencrypt/live/<domainname>

    • Tip: use these paths in your Apache2 config, for example in your main role. Just make sure not to start Apache2 with the virtualhost active before the LetsEncrypt role has run!

      SSLCertificateFile /etc/letsencrypt/live/{{ letsencrypt_domain }}/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/{{ letsencrypt_domain }}/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/{{ letsencrypt_domain }}/chain.pem
      
  • Note! If this role fails during the certificate request, services it stopped may be left stopped - take care!

  • If the certificate has been requested before, this role will automatically try to renew it, if possible. To disable this, set letsencrypt_force_renew to false; in that case no renewal is attempted if the certificate is not due for renewal.

  • A www. subdomain will automatically be requested along with the certificate.

    • To disable this behaviour, set letsencrypt_request_www to false in your vars.

Requirements

Tested with the following:

  • Ubuntu 14.04 and Debian 8, Debian 9
  • Apache2 and Nginx
  • Ansible 2.x

Role Variables

Required

  • letsencrypt_domain - Domain the certificate is for.
  • letsencrypt_email - Your email as certificate owner.

Optional

  • letsencrypt_certbot_args - Additional command line args to be passed to Certbot; they will be combined with letsencrypt_certbot_default_args. See the Certbot docs for arguments you may pass.
  • letsencrypt_certbot_default_args - See defaults/main.yml for the default arguments. To override all the arguments to Certbot, for example to use another plugin, set them using this variable.
  • letsencrypt_certbot_verbose - Make Certbot output to console (default true).
  • letsencrypt_certbot_version - Set specific Certbot version, for example a git tag or branch. Note that the lowest version of Certbot we support is 0.6.0. Has no effect on Debian 9.
  • letsencrypt_force_renew - Whether to always attempt renewal (default true).
  • letsencrypt_pause_services - List of services to stop/start while calling Certbot.
  • letsencrypt_request_www - Request www. automatically (default true).

Example Playbook

This role works best when included just before your main site role. It can also be used in a playbook of its own, as below.

This role should become root on the target host.

---
- hosts: myhost
  become: yes
  become_user: root
  roles:
    - role: ansible-letsencrypt
      letsencrypt_email: you@example.com  # placeholder address
      letsencrypt_domain: example.com
      letsencrypt_pause_services:
        - apache2
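
The "Things to know" section warns that a failed certificate request can leave paused services stopped. The playbook below is an added example (not part of the role or its README) that wraps the role in a block/rescue so those services are started again on failure, then checks the issued files before anything depends on them. The host, domain, e-mail address, the `cert_dir` helper variable and the 7-day threshold are assumptions.

```yaml
---
# Added example, not part of the role. Host, domain, e-mail address and the
# service list are placeholders; cert_dir is a helper variable, not a role variable.
- hosts: myhost
  become: yes
  become_user: root
  vars:
    letsencrypt_domain: example.com
    letsencrypt_email: you@example.com
    letsencrypt_pause_services:
      - apache2
    cert_dir: "/etc/letsencrypt/live/{{ letsencrypt_domain }}"
  tasks:
    - block:
        - name: Issue or renew the certificate
          include_role:
            name: jaywink.letsencrypt
      rescue:
        # The role may have stopped the paused services before it failed.
        - name: Start the paused services again
          service:
            name: "{{ item }}"
            state: started
          with_items: "{{ letsencrypt_pause_services }}"
        - name: Abort the play so the failure is not masked
          fail:
            msg: "Certbot run failed for {{ letsencrypt_domain }}; paused services were started again."

    - name: Check the files referenced by the web server config (follow the symlinks)
      stat:
        path: "{{ cert_dir }}/{{ item }}"
        follow: yes
      register: cert_files
      with_items:
        - cert.pem
        - privkey.pem
        - chain.pem

    - name: Refuse to continue if any file is missing
      assert:
        that: item.stat.exists
      with_items: "{{ cert_files.results }}"

    - name: Fail if the certificate expires within 7 days
      command: openssl x509 -checkend 604800 -noout -in {{ cert_dir }}/cert.pem
      changed_when: false
```

On a first issuance the rescue step can only start the web server if its active configuration does not yet reference the certificate paths.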

License

MIT

Author Information

Jason Robinson (@jaywink) - https://jasonrobinson.me - https://twitter.com/jaywink

Special thanks to Stefan Grönke (@gronke) for his work on expanding this role.

See CONTRIBUTORS for a full list of contributors.
