mirror of
				https://github.com/geerlingguy/ansible-role-certbot.git
				synced 2025-10-26 18:01:16 +01:00 
			
		
		
		
	remove install from soure
		
							parent
							
								
									d408884f18
								
							
						
					
					
						commit
						8adc76f237
					
				
							
								
								
									
										24
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										24
									
								
								README.md
									
									
									
									
									
								
							| @ -6,15 +6,12 @@ Installs and configures Certbot (for Let's Encrypt). | ||||
| 
 | ||||
| ## Requirements | ||||
| 
 | ||||
| If installing from source, Git is required. You can install Git using the `geerlingguy.git` role. | ||||
| 
 | ||||
| Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release. | ||||
| 
 | ||||
| ## Role Variables | ||||
| 
 | ||||
|     certbot_install_method: package | ||||
| 
 | ||||
| Controls how Certbot is installed. Available options are 'package', 'snap', and 'source'. | ||||
| Controls how Certbot is installed. Available options are 'package' and 'snap'. | ||||
| 
 | ||||
|     certbot_auto_renew: true | ||||
|     certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" | ||||
| @ -67,7 +64,7 @@ The `certbot_create_command` defines the command used to generate the cert. See | ||||
| 
 | ||||
| #### Standalone Certificate Generation | ||||
| 
 | ||||
|     certbot_create_standalone_stop_services: | ||||
|     certbot_create_stop_services: | ||||
|       - nginx | ||||
| 
 | ||||
| Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated. | ||||
| @ -105,19 +102,6 @@ For API token setup: | ||||
| 
 | ||||
| This method supports wildcard certificates and doesn't require your server to be publicly accessible on ports 80/443. | ||||
| 
 | ||||
| ### Source Installation from Git | ||||
| 
 | ||||
| You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8). | ||||
| 
 | ||||
|     certbot_repo: https://github.com/certbot/certbot.git | ||||
|     certbot_version: master | ||||
|     certbot_keep_updated: true | ||||
| 
 | ||||
| Certbot Git repository options. If installing from source, the configured `certbot_repo` is cloned, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs. | ||||
| 
 | ||||
|     certbot_dir: /opt/certbot | ||||
| 
 | ||||
| The directory inside which Certbot will be cloned. | ||||
| 
 | ||||
| ### Wildcard Certificates | ||||
| 
 | ||||
| @ -147,7 +131,7 @@ See other examples in the `tests/` directory. | ||||
| 
 | ||||
| _Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._ | ||||
| 
 | ||||
| You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot: | ||||
| You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04). Here are some example commands to configure certificates with Certbot: | ||||
| 
 | ||||
|     # Automatically add certs for all Apache virtualhosts (use with caution!). | ||||
|     certbot --apache | ||||
| @ -171,7 +155,7 @@ By default, this role adds a cron job that will renew all installed certificates | ||||
| 
 | ||||
| You can test the auto-renewal (without actually renewing the cert) with the command: | ||||
| 
 | ||||
|     /opt/certbot/certbot-auto renew --dry-run | ||||
|     certbot renew --dry-run | ||||
| 
 | ||||
| See full documentation and options on the [Certbot website](https://certbot.eff.org/). | ||||
| 
 | ||||
|  | ||||
| @ -52,27 +52,19 @@ certbot_create_command: >- | ||||
|   -d {{ cert_item.domains | join(',') }} | ||||
|   {{ '--expand' if certbot_expand else '' }} | ||||
|   {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' | ||||
|     if certbot_create_standalone_stop_services and certbot_create_method == 'standalone' | ||||
|     if certbot_create_stop_services and certbot_create_method == 'standalone' | ||||
|   else '' }} | ||||
|   {{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services' | ||||
|     if certbot_create_standalone_stop_services and certbot_create_method == 'standalone' | ||||
|     if certbot_create_stop_services and certbot_create_method == 'standalone' | ||||
|   else '' }} | ||||
|   {{ "--deploy-hook '" ~ cert_item.deploy_hook ~ "'" | ||||
|     if 'deploy_hook' in cert_item | ||||
|   else '' }} | ||||
| 
 | ||||
| certbot_create_standalone_stop_services: | ||||
|   - nginx | ||||
| certbot_create_stop_services: [] | ||||
|   # - nginx | ||||
|   # - apache | ||||
|   # - varnish | ||||
| 
 | ||||
| # Available options: 'package', 'snap', 'source'. | ||||
| # Available options: 'package', 'snap'. | ||||
| certbot_install_method: 'package' | ||||
| 
 | ||||
| # Source install configuration. | ||||
| certbot_repo: https://github.com/certbot/certbot.git | ||||
| certbot_version: master | ||||
| certbot_keep_updated: true | ||||
| 
 | ||||
| # Where to put Certbot when installing from source. | ||||
| certbot_dir: /opt/certbot | ||||
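Review bot: Renaming the public variable to `certbot_create_stop_services` and defaulting it to `[]` (assuming these are the new-side lines) means an inventory that still sets `certbot_create_standalone_stop_services` is silently ignored. In that case no hook files are templated and the `--pre-hook`/`--post-hook` arguments in `certbot_create_command` render empty, so a standalone issuance would presumably fail to bind its port while the web server is still running. Keeping the old name as a fallback for a release avoids that, e.g. `certbot_create_stop_services: "{{ certbot_create_standalone_stop_services | default([]) }}"`, together with a README line announcing the rename. The commented examples under the new default list `apache`, while the README names the units `apache2` and `httpd`; the comment should use the same names.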
|  | ||||
| @ -22,5 +22,4 @@ | ||||
|       when: ansible_os_family == 'Debian' | ||||
| 
 | ||||
|   roles: | ||||
|     - geerlingguy.git | ||||
|     - simoncaron.certbot | ||||
|  | ||||
| @ -1,26 +0,0 @@ | ||||
| --- | ||||
| - name: Converge | ||||
|   hosts: all | ||||
|   #become: true | ||||
| 
 | ||||
|   vars: | ||||
|     certbot_install_method: 'source' | ||||
|     certbot_auto_renew_user: root | ||||
| 
 | ||||
|   pre_tasks: | ||||
|     - name: Update apt cache. | ||||
|       apt: update_cache=yes cache_valid_time=600 | ||||
|       when: ansible_os_family == 'Debian' | ||||
|       changed_when: false | ||||
| 
 | ||||
|     - name: Install cron (RedHat). | ||||
|       yum: name=cronie state=present | ||||
|       when: ansible_os_family == 'RedHat' | ||||
| 
 | ||||
|     - name: Install cron (Debian). | ||||
|       apt: name=cron state=present | ||||
|       when: ansible_os_family == 'Debian' | ||||
| 
 | ||||
|   roles: | ||||
|     - geerlingguy.git | ||||
|     - simoncaron.certbot | ||||
| @ -89,7 +89,7 @@ | ||||
|   vars: | ||||
|     certbot_admin_email: https@servercheck.in | ||||
|     certbot_create_if_missing: true | ||||
|     certbot_create_standalone_stop_services: [] | ||||
|     certbot_create_stop_services: [] | ||||
|     certbot_certs: | ||||
|       - name: certbot-test.servercheck.in | ||||
|         domains: | ||||
|  | ||||
| @ -1,3 +1,2 @@ | ||||
| --- | ||||
| - src: geerlingguy.git | ||||
| - src: geerlingguy.nginx | ||||
|  | ||||
| @ -17,6 +17,39 @@ | ||||
|     mode: 0600 | ||||
|   when: certbot_cloudflare_email or certbot_cloudflare_api_token | ||||
| 
 | ||||
| - name: Ensure pre and post hook folders exist. | ||||
|   file: | ||||
|     path: /etc/letsencrypt/renewal-hooks/{{ item }} | ||||
|     state: directory | ||||
|     mode: 0755 | ||||
|     owner: root | ||||
|     group: root | ||||
|   with_items: | ||||
|     - pre | ||||
|     - post | ||||
| 
 | ||||
| - name: Create pre hook to stop services. | ||||
|   template: | ||||
|     src: stop_services.j2 | ||||
|     dest: /etc/letsencrypt/renewal-hooks/pre/stop_services | ||||
|     owner: root | ||||
|     group: root | ||||
|     mode: 0750 | ||||
|   when: | ||||
|     - certbot_create_stop_services is defined | ||||
|     - certbot_create_stop_services | ||||
| 
 | ||||
| - name: Create post hook to start services. | ||||
|   template: | ||||
|     src: start_services.j2 | ||||
|     dest: /etc/letsencrypt/renewal-hooks/post/start_services | ||||
|     owner: root | ||||
|     group: root | ||||
|     mode: 0750 | ||||
|   when: | ||||
|     - certbot_create_stop_services is defined | ||||
|     - certbot_create_stop_services | ||||
| 
 | ||||
| - name: Check if domains have changed | ||||
|   block: | ||||
|     - name: Register certificate domains | ||||
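Review bot: The two hook templates added here are only ever created, never removed. Once `certbot_create_stop_services` is emptied (which the new `[]` default appears to do for hosts that relied on the old `nginx` default), `pre/stop_services` and `post/start_services` stay in `/etc/letsencrypt/renewal-hooks/`, and Certbot runs the executables in those directories on each `certbot renew`. The result is a service that root keeps stopping and starting at renewal time although the role no longer lists it. A cleanup task with `state: absent` for the empty case closes that gap, and the `mode: 0755` / `mode: 0750` values are safer as quoted strings such as `mode: '0750'`. The `Check if domains have changed` block continues outside the hunk.

```yaml
# … unchanged: hook directory task and the two template tasks …

- name: Remove stale service hooks when no services are listed.
  file:
    path: /etc/letsencrypt/renewal-hooks/{{ item }}
    state: absent
  with_items:
    - pre/stop_services
    - post/start_services
  when: not certbot_create_stop_services
```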
|  | ||||
| @ -27,8 +27,8 @@ | ||||
|     group: root | ||||
|     mode: 0750 | ||||
|   when: | ||||
|     - certbot_create_standalone_stop_services is defined | ||||
|     - certbot_create_standalone_stop_services | ||||
|     - certbot_create_stop_services is defined | ||||
|     - certbot_create_stop_services | ||||
| 
 | ||||
| - name: Create post hook to start services. | ||||
|   template: | ||||
| @ -38,8 +38,8 @@ | ||||
|     group: root | ||||
|     mode: 0750 | ||||
|   when: | ||||
|     - certbot_create_standalone_stop_services is defined | ||||
|     - certbot_create_standalone_stop_services | ||||
|     - certbot_create_stop_services is defined | ||||
|     - certbot_create_stop_services | ||||
| 
 | ||||
| - name: Check if domains have changed | ||||
|   block: | ||||
|  | ||||
| @ -1,23 +0,0 @@ | ||||
| --- | ||||
| - name: Clone Certbot into configured directory. | ||||
|   git: | ||||
|     repo: "{{ certbot_repo }}" | ||||
|     dest: "{{ certbot_dir }}" | ||||
|     version: "{{ certbot_version }}" | ||||
|     update: "{{ certbot_keep_updated }}" | ||||
|     force: true | ||||
| 
 | ||||
| - name: Set Certbot script variable. | ||||
|   set_fact: | ||||
|     certbot_script: "{{ certbot_dir }}/certbot-auto" | ||||
| 
 | ||||
| - name: Ensure certbot-auto is executable. | ||||
|   file: | ||||
|     path: "{{ certbot_script }}" | ||||
|     mode: 0755 | ||||
| 
 | ||||
| - name: Install certbot-dns-cloudflare plugin via pip. | ||||
|   pip: | ||||
|     name: certbot-dns-cloudflare | ||||
|     state: present | ||||
|   when: certbot_create_method == 'dns-cloudflare' | ||||
| @ -10,8 +10,6 @@ | ||||
| - import_tasks: install-with-snap.yml | ||||
|   when: certbot_install_method == 'snap' | ||||
| 
 | ||||
| - import_tasks: install-from-source.yml | ||||
|   when: certbot_install_method == 'source' | ||||
| 
 | ||||
| - include_tasks: create-cert-standalone.yml | ||||
|   with_items: "{{ certbot_certs }}" | ||||
|  | ||||
| @ -1,7 +1,7 @@ | ||||
| #!/bin/bash | ||||
| # {{ ansible_managed }} | ||||
| 
 | ||||
| {% for item in certbot_create_standalone_stop_services %} | ||||
| {% for item in certbot_create_stop_services %} | ||||
| echo "starting service {{ item }}" | ||||
| {% if ansible_service_mgr == 'systemd' %} | ||||
| systemctl start {{ item }} | ||||
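Review bot: `systemctl start {{ item }}` writes each list entry into a root-run bash script without shell quoting, so an entry containing whitespace or shell metacharacters changes the command that runs at renewal time. Rendering the name through the `quote` filter, `systemctl start {{ item | quote }}`, keeps each entry a single argument. The same applies to `systemctl stop {{ item }}` in the stop-services template in the next section. The `for` and `if` blocks are closed outside the hunk, so the non-systemd branch is not visible here and would need the same treatment.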
|  | ||||
| @ -1,7 +1,7 @@ | ||||
| #!/bin/bash | ||||
| # {{ ansible_managed }} | ||||
| 
 | ||||
| {% for item in certbot_create_standalone_stop_services %} | ||||
| {% for item in certbot_create_stop_services %} | ||||
| echo "stopping service {{ item }}" | ||||
| {% if ansible_service_mgr == 'systemd' %} | ||||
| systemctl stop {{ item }} | ||||
|  | ||||