remove install from source

This commit is contained in:
Simon Caron 2025-08-20 20:56:29 -04:00
parent d408884f18
commit 8adc76f237
12 changed files with 49 additions and 93 deletions


@ -6,15 +6,12 @@ Installs and configures Certbot (for Let's Encrypt).
## Requirements ## Requirements
If installing from source, Git is required. You can install Git using the `geerlingguy.git` role.
Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release.
## Role Variables ## Role Variables
certbot_install_method: package certbot_install_method: package
Controls how Certbot is installed. Available options are 'package', 'snap', and 'source'. Controls how Certbot is installed. Available options are 'package' and 'snap'.
certbot_auto_renew: true certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
@ -67,7 +64,7 @@ The `certbot_create_command` defines the command used to generate the cert. See
#### Standalone Certificate Generation #### Standalone Certificate Generation
certbot_create_standalone_stop_services: certbot_create_stop_services:
- nginx - nginx
Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated. Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated.
@ -105,19 +102,6 @@ For API token setup:
This method supports wildcard certificates and doesn't require your server to be publicly accessible on ports 80/443. This method supports wildcard certificates and doesn't require your server to be publicly accessible on ports 80/443.
### Source Installation from Git
You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).
certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master
certbot_keep_updated: true
Certbot Git repository options. If installing from source, the configured `certbot_repo` is cloned, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs.
certbot_dir: /opt/certbot
The directory inside which Certbot will be cloned.
### Wildcard Certificates ### Wildcard Certificates
@ -147,7 +131,7 @@ See other examples in the `tests/` directory.
_Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._ _Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._
You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot: You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04). Here are some example commands to configure certificates with Certbot:
# Automatically add certs for all Apache virtualhosts (use with caution!). # Automatically add certs for all Apache virtualhosts (use with caution!).
certbot --apache certbot --apache
@ -171,7 +155,7 @@ By default, this role adds a cron job that will renew all installed certificates
You can test the auto-renewal (without actually renewing the cert) with the command: You can test the auto-renewal (without actually renewing the cert) with the command:
/opt/certbot/certbot-auto renew --dry-run certbot renew --dry-run
See full documentation and options on the [Certbot website](https://certbot.eff.org/). See full documentation and options on the [Certbot website](https://certbot.eff.org/).


@ -52,27 +52,19 @@ certbot_create_command: >-
-d {{ cert_item.domains | join(',') }} -d {{ cert_item.domains | join(',') }}
{{ '--expand' if certbot_expand else '' }} {{ '--expand' if certbot_expand else '' }}
{{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services'
if certbot_create_standalone_stop_services and certbot_create_method == 'standalone' if certbot_create_stop_services and certbot_create_method == 'standalone'
else '' }} else '' }}
{{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services' {{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services'
if certbot_create_standalone_stop_services and certbot_create_method == 'standalone' if certbot_create_stop_services and certbot_create_method == 'standalone'
else '' }} else '' }}
{{ "--deploy-hook '" ~ cert_item.deploy_hook ~ "'" {{ "--deploy-hook '" ~ cert_item.deploy_hook ~ "'"
if 'deploy_hook' in cert_item if 'deploy_hook' in cert_item
else '' }} else '' }}
certbot_create_standalone_stop_services: certbot_create_stop_services: []
- nginx # - nginx
# - apache # - apache
# - varnish # - varnish
# Available options: 'package', 'snap', 'source'. # Available options: 'package', 'snap'.
certbot_install_method: 'package' certbot_install_method: 'package'
# Source install configuration.
certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master
certbot_keep_updated: true
# Where to put Certbot when installing from source.
certbot_dir: /opt/certbot
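Review bot: The default for `certbot_create_stop_services` changes from `- nginx` to `[]` here while the README hunk in this same commit still shows `- nginx` as the value, so the documented default no longer matches the shipped one; either update the README snippet to `certbot_create_stop_services: []` or keep the previous default. Renaming a public role variable also means a playbook that still sets `certbot_create_standalone_stop_services` is silently ignored, and with an empty list the standalone method will likely fail to bind ports 80/443 while the old service is running; a compatibility default such as `certbot_create_stop_services: "{{ certbot_create_standalone_stop_services | default([]) }}"` keeps those playbooks working (the same rename appears in the molecule playbook, create-cert-standalone.yml and both hook templates). Similarly, a stale `certbot_install_method: 'source'` now matches neither import in tasks/main.yml, so nothing is installed and no error is raised; an `assert` that `certbot_install_method in ['package', 'snap']` before the imports would surface that, and the comment on this key could say that `source` is no longer accepted.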


@ -22,5 +22,4 @@
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
roles: roles:
- geerlingguy.git
- simoncaron.certbot - simoncaron.certbot


@ -1,26 +0,0 @@
---
- name: Converge
hosts: all
#become: true
vars:
certbot_install_method: 'source'
certbot_auto_renew_user: root
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install cron (RedHat).
yum: name=cronie state=present
when: ansible_os_family == 'RedHat'
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.git
- simoncaron.certbot


@ -89,7 +89,7 @@
vars: vars:
certbot_admin_email: https@servercheck.in certbot_admin_email: https@servercheck.in
certbot_create_if_missing: true certbot_create_if_missing: true
certbot_create_standalone_stop_services: [] certbot_create_stop_services: []
certbot_certs: certbot_certs:
- name: certbot-test.servercheck.in - name: certbot-test.servercheck.in
domains: domains:


@ -1,3 +1,2 @@
--- ---
- src: geerlingguy.git
- src: geerlingguy.nginx - src: geerlingguy.nginx


@ -17,6 +17,39 @@
mode: 0600 mode: 0600
when: certbot_cloudflare_email or certbot_cloudflare_api_token when: certbot_cloudflare_email or certbot_cloudflare_api_token
- name: Ensure pre and post hook folders exist.
file:
path: /etc/letsencrypt/renewal-hooks/{{ item }}
state: directory
mode: 0755
owner: root
group: root
with_items:
- pre
- post
- name: Create pre hook to stop services.
template:
src: stop_services.j2
dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
owner: root
group: root
mode: 0750
when:
- certbot_create_stop_services is defined
- certbot_create_stop_services
- name: Create post hook to start services.
template:
src: start_services.j2
dest: /etc/letsencrypt/renewal-hooks/post/start_services
owner: root
group: root
mode: 0750
when:
- certbot_create_stop_services is defined
- certbot_create_stop_services
- name: Check if domains have changed - name: Check if domains have changed
block: block:
- name: Register certificate domains - name: Register certificate domains
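Review bot: The three hook tasks added here are identical to the ones in create-cert-standalone.yml (also touched in this commit), so any later fix to one file has to be mirrored in the other; a shared `include_tasks: create-renewal-hooks.yml` used by both files would remove the duplication. If this file is the DNS-Cloudflare path, as the `certbot_cloudflare_*` condition on the line above suggests, be aware that certbot executes the scripts placed in `/etc/letsencrypt/renewal-hooks/pre` and `/post` on every renewal for every certificate on the host, so listing services in `certbot_create_stop_services` now stops and starts them during each renewal even though `certbot_create_command` only passes `--pre-hook`/`--post-hook` for the `standalone` method; a comment on the defaults entry stating that the hooks apply to all renewals, not just standalone creation, would make that explicit. The `certbot_create_stop_services is defined` guard is redundant once the variable has a default in defaults/main.yml, and `loop:` is the current form of `with_items:`. The enclosing task list continues beyond the hunk.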


@ -27,8 +27,8 @@
group: root group: root
mode: 0750 mode: 0750
when: when:
- certbot_create_standalone_stop_services is defined - certbot_create_stop_services is defined
- certbot_create_standalone_stop_services - certbot_create_stop_services
- name: Create post hook to start services. - name: Create post hook to start services.
template: template:
@ -38,8 +38,8 @@
group: root group: root
mode: 0750 mode: 0750
when: when:
- certbot_create_standalone_stop_services is defined - certbot_create_stop_services is defined
- certbot_create_standalone_stop_services - certbot_create_stop_services
- name: Check if domains have changed - name: Check if domains have changed
block: block:


@ -1,23 +0,0 @@
---
- name: Clone Certbot into configured directory.
git:
repo: "{{ certbot_repo }}"
dest: "{{ certbot_dir }}"
version: "{{ certbot_version }}"
update: "{{ certbot_keep_updated }}"
force: true
- name: Set Certbot script variable.
set_fact:
certbot_script: "{{ certbot_dir }}/certbot-auto"
- name: Ensure certbot-auto is executable.
file:
path: "{{ certbot_script }}"
mode: 0755
- name: Install certbot-dns-cloudflare plugin via pip.
pip:
name: certbot-dns-cloudflare
state: present
when: certbot_create_method == 'dns-cloudflare'


@ -10,8 +10,6 @@
- import_tasks: install-with-snap.yml - import_tasks: install-with-snap.yml
when: certbot_install_method == 'snap' when: certbot_install_method == 'snap'
- import_tasks: install-from-source.yml
when: certbot_install_method == 'source'
- include_tasks: create-cert-standalone.yml - include_tasks: create-cert-standalone.yml
with_items: "{{ certbot_certs }}" with_items: "{{ certbot_certs }}"


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# {{ ansible_managed }} # {{ ansible_managed }}
{% for item in certbot_create_standalone_stop_services %} {% for item in certbot_create_stop_services %}
echo "starting service {{ item }}" echo "starting service {{ item }}"
{% if ansible_service_mgr == 'systemd' %} {% if ansible_service_mgr == 'systemd' %}
systemctl start {{ item }} systemctl start {{ item }}


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# {{ ansible_managed }} # {{ ansible_managed }}
{% for item in certbot_create_standalone_stop_services %} {% for item in certbot_create_stop_services %}
echo "stopping service {{ item }}" echo "stopping service {{ item }}"
{% if ansible_service_mgr == 'systemd' %} {% if ansible_service_mgr == 'systemd' %}
systemctl stop {{ item }} systemctl stop {{ item }}