diff --git a/.travis.yml b/.travis.yml index 9323e54..dd6da46 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,8 +40,10 @@ script: - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' # Test role idempotence. + - idempotence=$(mktemp) + - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | tee -a ${idempotence} - > - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + tail ${idempotence} | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) diff --git a/README.md b/README.md index 7e5f8e9..c2c4a70 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -# Ansible Role: Let's Encrypt +# Ansible Role: Certbot (for Let's Encrypt) -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-letsencrypt.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-letsencrypt) +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot) -Installs Let's Encrypt for RHEL/CentOS or Debian/Ubuntu. +Installs Certbot (for Let's Encrypt) for RHEL/CentOS or Debian/Ubuntu. ## Requirements 
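Review bot: In the .travis.yml hunk the second playbook run is piped into `tee -a ${idempotence}`, so that script entry reports tee's exit status and a failing run is only caught indirectly by the `grep -q 'changed=0.*failed=0'` entry that follows. That holds only while the two entries stay together, so a comment above the tee line such as `# Exit status here is tee's; the grep entry below is the real pass/fail gate.` would stop a later edit from dropping the check. The grep also succeeds if any single line of the `tail` output matches, which is fine for one host but would hide a changed or failed host in a multi-host recap (inferred; the test inventory is not shown in this hunk). Quoting the path as `"${idempotence}"` in both places would make the two entries robust to an unusual temp directory.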
@@ -22,6 +22,24 @@ None. roles: - geerlingguy.letsencrypt +After installation, you can create certificates using the `certbot-auto` script, which by default is installed inside the configured `certbot_dir`, so by default, `/opt/certbot/certbot-auto`. Here are some example commands to configure certificates with Certbot: + + # Automatically add certs for all Apache virtualhosts (use with caution!). + /opt/certbot/certbot-auto --apache + + # Generate certs, but don't modify Apache configuration (safer). + /opt/certbot/certbot-auto --apache certonly + +To set up renewals, you should run the following command periodically (e.g. once or twice per day): + + /opt/certbot/certbot-auto renew --quiet --no-self-upgrade + +You can test the auto-renewal (without actually renewing the cert) with the command: + + /opt/certbot/certbot-auto renew --dry-run + +See full documentation and options on the [Certbot website](https://certbot.eff.org/). + ## License MIT / BSD diff --git a/defaults/main.yml b/defaults/main.yml index 6359404..ec0a908 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,6 @@ --- -letsencrypt_repo: https://github.com/letsencrypt/letsencrypt -letsencrypt_version: master -letsencrypt_keep_updated: yes +certbot_repo: https://github.com/certbot/certbot.git +certbot_version: master +certbot_keep_updated: yes -letsencrypt_dir: /opt/letsencrypt +certbot_dir: /opt/certbot diff --git a/meta/main.yml b/meta/main.yml index 385b0cd..a1299be 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ dependencies: [] galaxy_info: author: geerlingguy - description: "Let's Encrypt for RHEL/CentOS and Debian/Ubuntu." + description: "Certbot (for Let's Encrypt) for RHEL/CentOS and Debian/Ubuntu." company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.8 diff --git a/tasks/main.yml b/tasks/main.yml index 9a10d4c..b04168d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
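Review bot: In defaults/main.yml the renamed defaults still track `certbot_version: master` with `certbot_keep_updated: yes`, so every run of the role pulls whatever is at the head of the upstream repository into `certbot_dir`, and the README text added in this commit tells users to execute `certbot-auto` from that checkout. For a tool that manages TLS private keys and is presumably run with elevated privileges, an unpinned branch is a supply-chain exposure: a bad or compromised upstream commit lands on every managed host at the next play. Consider defaulting to a reviewed release tag or commit, e.g. `certbot_version: "<release-tag>"` with `certbot_keep_updated: false`, and documenting tracking master as an explicit opt-in. Writing the boolean as `true`/`false` rather than `yes` would also avoid YAML 1.1 truthy ambiguity.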
@@ -1,7 +1,7 @@ --- -- name: Clone Let's Encrypt into configured directory. +- name: Clone Certbot into configured directory. git: - repo: "{{ letsencrypt_repo }}" - dest: "{{ letsencrypt_dir }}" - version: "{{ letsencrypt_version }}" - update: "{{ letsencrypt_keep_updated }}" + repo: "{{ certbot_repo }}" + dest: "{{ certbot_dir }}" + version: "{{ certbot_version }}" + update: "{{ certbot_keep_updated }}" diff --git a/vars/Debian.yml b/vars/Debian.yml deleted file mode 100644 index 352aad7..0000000 --- a/vars/Debian.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -samba_daemon: smbd diff --git a/vars/RedHat.yml b/vars/RedHat.yml deleted file mode 100644 index 9f01c5d..0000000 --- a/vars/RedHat.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -samba_daemon: smb