@ -26,14 +26,25 @@ By default, this role configures a cron job to run under the provided user accou
### Automatic Certificate Generation
### Automatic Certificate Generation
Currently there is one built-in method for generating new certificates using this role: `standalone`. Other methods (e.g. using nginx or apache and a webroot) may be added in the future.
Currently the`standalone` and `webroot` method are supported for generating new certificates using this role.
**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
certbot_create_if_missing: false
certbot_create_if_missing: false
Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs.
certbot_create_method: standalone
certbot_create_method: standalone
Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`.
Set the method used for generating certs with the `certbot_create_method` variable — current allowed values are: `standalone` or `webroot`.
certbot_testmode: false
Enable test mode to only run a test request without actually creating certificates.
certbot_hsts: false
Enable (HTTP Strict Transport Security) for the certificate generation.
certbot_admin_email: email@example.com
certbot_admin_email: email@example.com
@ -41,13 +52,14 @@ The email address used to agree to Let's Encrypt's TOS and subscribe to cert-rel
certbot_certs: []
certbot_certs: []
# - email: janedoe@example.com
# - email: janedoe@example.com
# webroot: "/var/www/html"
# domains:
# domains:
# - example1.com
# - example1.com
# - example2.com
# - example2.com
# - domains:
# - domains:
# - example3.com
# - example3.com
A list of domains (and other data) for which certs should be generated. You can add an `email` key to any list item to override the `certbot_admin_email`.
A list of domains (and other data) for which certs should be generated. You can add an `email` key to any list item to override the `certbot_admin_email`. When using the `webroot` creation method, a `webroot` item has to be provided, specifying which directory to use for the authentication. Make sure your webserver correctly delivers contents from this directory.
@ -70,6 +82,10 @@ Setting `certbot_install_method: snap` configures this role to install Certbot v
This install method is currently experimental and may or may not work across all Linux distributions.
This install method is currently experimental and may or may not work across all Linux distributions.
#### Webroot Certificate Generation
When using the `webroot` creation method, a `webroot` item has to be provided for every `certbot_certs` item, specifying which directory to use for the authentication. Also, make sure your webserver correctly delivers contents from this directory.
### Source Installation from Git
### Source Installation from Git
You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS <7,Ubuntu<16.10andDebian<8).
You can install Certbot from it's Git source repository if desired with `certbot_install_method: source`. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS <7,Ubuntu<16.10andDebian<8).