Fixes #4: Update to use Certbot. Rename from letsencrypt to certbot.

8 years ago · 444064222b
parent 8b6c745801
commit 444064222b
7 changed files with 34 additions and 18 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -40,8 +40,10 @@ script:
  - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml'

  # Test role idempotence.
+  - idempotence=$(mktemp)
+  - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | tee -a ${idempotence}
  - >
-    sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml
+    tail ${idempotence}
    | grep -q 'changed=0.*failed=0'
    && (echo 'Idempotence test: pass' && exit 0)
    || (echo 'Idempotence test: fail' && exit 1)
--- a/README.md
+++ b/README.md
@ -1,8 +1,8 @@
-# Ansible Role: Let's Encrypt
+# Ansible Role: Certbot (for Let's Encrypt)

-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-letsencrypt.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-letsencrypt)
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot)

-Installs Let's Encrypt for RHEL/CentOS or Debian/Ubuntu.
+Installs Certbot (for Let's Encrypt) for RHEL/CentOS or Debian/Ubuntu.

 ## Requirements

@ -22,6 +22,24 @@ None.
      roles:
        - geerlingguy.letsencrypt

+After installation, you can create certificates using the `certbot-auto` script, which by default is installed inside the configured `certbot_dir`, so by default, `/opt/certbot/certbot-auto`. Here are some example commands to configure certificates with Certbot:
+
+    # Automatically add certs for all Apache virtualhosts (use with caution!).
+    /opt/certbot/certbot-auto --apache
+    
+    # Generate certs, but don't modify Apache configuration (safer).
+    /opt/certbot/certbot-auto --apache certonly
+
+To set up renewals, you should run the following command periodically (e.g. once or twice per day):
+
+    /opt/certbot/certbot-auto renew --quiet --no-self-upgrade
+
+You can test the auto-renewal (without actually renewing the cert) with the command:
+
+    /opt/certbot/certbot-auto renew --dry-run
+
+See full documentation and options on the [Certbot website](https://certbot.eff.org/).
+
 ## License

 MIT / BSD
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,6 +1,6 @@
 ---
-letsencrypt_repo: https://github.com/letsencrypt/letsencrypt
-letsencrypt_version: master
-letsencrypt_keep_updated: yes
+certbot_repo: https://github.com/certbot/certbot.git
+certbot_version: master
+certbot_keep_updated: yes

-letsencrypt_dir: /opt/letsencrypt
+certbot_dir: /opt/certbot
--- a/meta/main.yml
+++ b/meta/main.yml
@ -3,7 +3,7 @@ dependencies: []

 galaxy_info:
  author: geerlingguy
-  description: "Let's Encrypt for RHEL/CentOS and Debian/Ubuntu."
+  description: "Certbot (for Let's Encrypt) for RHEL/CentOS and Debian/Ubuntu."
  company: "Midwestern Mac, LLC"
  license: "license (BSD, MIT)"
  min_ansible_version: 1.8
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,7 +1,7 @@
 ---
- name: Clone Let's Encrypt into configured directory.
+- name: Clone Certbot into configured directory.
  git:
-    repo: "{{ letsencrypt_repo }}"
-    dest: "{{ letsencrypt_dir }}"
-    version: "{{ letsencrypt_version }}"
-    update: "{{ letsencrypt_keep_updated }}"
+    repo: "{{ certbot_repo }}"
+    dest: "{{ certbot_dir }}"
+    version: "{{ certbot_version }}"
+    update: "{{ certbot_keep_updated }}"
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@ -1,2 +0,0 @@
---
-samba_daemon: smbd
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@ -1,2 +0,0 @@
---
-samba_daemon: smb