certbot_create_method 'nginx'

2025-10-06 10:11:18 +02:00 · 2025-10-01 01:29:06 +02:00 · 2025-10-01 01:29:06 +02:00 · 53d15320e6
commit 53d15320e6
parent 1873e2a243
4 changed files with 30 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -30,6 +30,7 @@ Current methods supported for generating new certificates using this role:

  - `standalone`
  - `webroot`
+  - `nginx`
  - `dns-cloudflare`

 **For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
@ -90,6 +91,10 @@ This install method is currently experimental and may or may not work across all

 When using the `webroot` creation method, a `webroot` item has to be provided for every `certbot_certs` item, specifying which directory to use for the authentication. Also, make sure your webserver correctly delivers contents from this directory.

+### nginx Certificate Generation
+
+When using the `nginx` creation method, `nginx` package will be installed as a dependency of `python3-certbot-nginx`.
+
 #### dns-cloudflare Certificate Generation

 When using the `dns-cloudflare` creation method, set `certbot_dns_cloudflare_api_token` with your Cloudflare API token.
--- a/tasks/create-cert-nginx.yml
+++ b/tasks/create-cert-nginx.yml
@ -0,0 +1,15 @@
+---
+- name: Determine certificate name
+  set_fact:
+    cert_item_name: "{{ cert_item.name | default(cert_item.domains | first | replace('*.', '')) }}"
+
+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
+  register: letsencrypt_cert
+  become: true
+
+- name: Generate new certificate if one doesn't exist.
+  command: "{{ certbot_create_command }}"
+  when: not letsencrypt_cert.stat.exists
+  become: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -40,6 +40,14 @@
  loop_control:
    loop_var: cert_item

+- include_tasks: create-cert-nginx.yml
+  with_items: "{{ certbot_certs }}"
+  when:
+    - certbot_create_if_missing
+    - certbot_create_method == 'nginx'
+  loop_control:
+    loop_var: cert_item
+
 - include_tasks: create-cert-dns-cloudflare.yml
  with_items: "{{ certbot_certs }}"
  when:
--- a/vars/default.yml
+++ b/vars/default.yml
@ -1,5 +1,7 @@
 ---
 certbot_package: certbot
 certbot_create_packages:
+  nginx:
+    - python3-certbot-nginx
  'dns-cloudflare':
    - python3-certbot-dns-cloudflare