Issue #6: Add more documentation around automatically generating certs.

pull/31/head
Jeff Geerling 7 years ago
parent 01d801c4b7
commit f00a0ba181
  1. 20
      README.md

@ -50,13 +50,27 @@ None.
roles: roles:
- geerlingguy.certbot - geerlingguy.certbot
After installation, you can create certificates using the `certbot` (or `certbot-auto`) script, which by default is installed inside the configured `certbot_dir` (when using Git). Here are some example commands to configure certificates with Certbot: ### Creating certificates with certbot
After installation, you can create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot:
# Automatically add certs for all Apache virtualhosts (use with caution!). # Automatically add certs for all Apache virtualhosts (use with caution!).
/opt/certbot/certbot-auto --apache certbot --apache
# Generate certs, but don't modify Apache configuration (safer). # Generate certs, but don't modify Apache configuration (safer).
/opt/certbot/certbot-auto --apache certonly certbot --apache certonly
If you want to fully automate the process of adding a new certificate, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server:
1. Make sure any services listening on port 80 (Apache, Nginx, Varnish, etc.) are stopped.
2. Register with something like `certbot register --agree-tos --email [your-email@example.com]`
- Note: You won't need to do this step in the future, when generating additional certs on the same server.
3. Generate a cert for a domain whose DNS points to this server: `certbot certonly --noninteractive --standalone -d example.com -d www.example.com`
4. Re-start whatever was listening on port 80 before.
5. Update your webserver's virtualhost TLS configuration to point at the new certificate (`fullchain.pem`) and private key (`privkey.pem`) Certbot just generated for the domain you passed in the `certbot` command.
6. Restart your webserver so it uses the new HTTPS virtualhost configuration.
### Certbot certificate auto-renewal
By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing. By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing.
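Review bot: The standalone procedure in steps 1-4 needs port 80 free, but the "Certbot certificate auto-renewal" section directly after it says the role's cron job renews all installed certificates once per day. A certificate issued with `--standalone` is renewed with the same authenticator, so the renewal cannot bind port 80 while Apache, Nginx or Varnish is running. Add a note after step 6 that says so and points to certbot's `--pre-hook` / `--post-hook` options (or to a non-standalone authenticator) for stopping and restarting the service around renewal. Two smaller points on the added text: the parenthesis opened at "(use `letsencrypt` on Ubuntu 16.04" is never closed before "Here are some example commands", and step 2 runs `certbot register` without `--noninteractive`, which step 3 does pass, so the "fully automate" flow may still prompt.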
