gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-10-06 18:21:14 +02:00
Code Issues Projects Releases Wiki Activity

certbot_create_method 'nginx'

Browse Source
This commit is contained in:
Victor Seva 2025-10-01 01:29:06 +02:00
parent 1873e2a243
commit 53d15320e6
No known key found for this signature in database
GPG Key ID: 7D7B65C42A0EC8B2
4 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -30,6 +30,7 @@ Current methods supported for generating new certificates using this role:
- `standalone` - `standalone`
- `webroot` - `webroot`
- `nginx`
- `dns-cloudflare` - `dns-cloudflare`
**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). **For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
@ -90,6 +91,10 @@ This install method is currently experimental and may or may not work across all
When using the `webroot` creation method, a `webroot` item has to be provided for every `certbot_certs` item, specifying which directory to use for the authentication. Also, make sure your webserver correctly delivers contents from this directory. When using the `webroot` creation method, a `webroot` item has to be provided for every `certbot_certs` item, specifying which directory to use for the authentication. Also, make sure your webserver correctly delivers contents from this directory.
### nginx Certificate Generation
When using the `nginx` creation method, `nginx` package will be installed as a dependency of `python3-certbot-nginx`.
#### dns-cloudflare Certificate Generation #### dns-cloudflare Certificate Generation
When using the `dns-cloudflare` creation method, set `certbot_dns_cloudflare_api_token` with your Cloudflare API token. When using the `dns-cloudflare` creation method, set `certbot_dns_cloudflare_api_token` with your Cloudflare API token.

15
tasks/create-cert-nginx.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: Determine certificate name
set_fact:
cert_item_name: "{{ cert_item.name | default(cert_item.domains | first | replace('*.', '')) }}"
- name: Check if certificate already exists.
stat:
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
register: letsencrypt_cert
become: true
- name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}"
when: not letsencrypt_cert.stat.exists
become: true

8
tasks/main.yml
View File

@ -40,6 +40,14 @@
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
- include_tasks: create-cert-nginx.yml
with_items: "{{ certbot_certs }}"
when:
- certbot_create_if_missing
- certbot_create_method == 'nginx'
loop_control:
loop_var: cert_item
- include_tasks: create-cert-dns-cloudflare.yml - include_tasks: create-cert-dns-cloudflare.yml
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"
when: when:

2
vars/default.yml
View File

@ -1,5 +1,7 @@
--- ---
certbot_package: certbot certbot_package: certbot
certbot_create_packages: certbot_create_packages:
nginx:
- python3-certbot-nginx
'dns-cloudflare': 'dns-cloudflare':
- python3-certbot-dns-cloudflare - python3-certbot-dns-cloudflare