added a role variable to set global certbot options in configuration file

README.md

@@ -14,6 +14,8 @@ Generally, installing from source (see section `Source Installation from Git`) l
 
 The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`.
 
+The variable `certbot_config_file_options` defaults to an empty dictionary but can be used to configure global options for Certbot, which will go into `/etc/letsencrypt/cli.ini`.
+
     certbot_auto_renew: true
     certbot_auto_renew_user: "{{ ansible_user }}"
     certbot_auto_renew_hour: 3
@@ -82,12 +84,14 @@ None.
 ## Example Playbook
 
     - hosts: servers
-    
+
       vars:
+        certbot_config_file_options:
+          rsa-key-size: 4096
         certbot_auto_renew_user: your_username_here
         certbot_auto_renew_minute: 20
         certbot_auto_renew_hour: 5
-    
+
       roles:
         - geerlingguy.certbot
 

defaults/main.yml

@@ -1,4 +1,7 @@
 ---
+# Global options for configuration file
+certbot_config_file_options: {}
+
 # Certbot auto-renew cron job configuration (for certificate renewals).
 certbot_auto_renew: true
 certbot_auto_renew_user: "{{ ansible_user }}"

tasks/config-file.yml

@@ -0,0 +1,10 @@
+---
+- name: Ensure configuration directory is present.
+  file:
+    path: /etc/letsencrypt
+    state: directory
+
+- name: Install Certbot configuration file.
+  template:
+    src: cli.ini.j2
+    dest: /etc/letsencrypt/cli.ini

tasks/main.yml

@@ -7,6 +7,8 @@
 - import_tasks: install-from-source.yml
   when: certbot_install_from_source
 
+- import_tasks: config-file.yml
+
 - include_tasks: create-cert-standalone.yml
   with_items: "{{ certbot_certs }}"
   when:

templates/cli.ini.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key, value in certbot_config_file_options.items() %}
+{{ key }} = {{ value }}
+{% endfor %}