ansible-role-certbot/tasks/install-with-pip.yml
Stefan Grosser 84e0193e31 Add pip-in-venv install method, deprecate source install
certbot-auto was removed from the certbot repo by EFF in 2021 (see issue
#204), which leaves certbot_install_method: source broken — the existing
install-from-source.yml still references {{ certbot_dir }}/certbot-auto,
a path that no longer exists after the git clone.

This adds a new install method `pip` that follows EFF's recommended
install path (https://certbot.eff.org/instructions?os=pip): create a
Python venv at {{ certbot_dir }}, pip install certbot, symlink the
binary onto PATH at /usr/local/bin/certbot.

Plugins (e.g. certbot-dns-rfc2136, certbot-dns-cloudflare) can be
opted into per-host via a new certbot_pip_extra_packages list, which
installs additional pip packages into the same venv after certbot.

The legacy `source` method is left in place for backwards compatibility
but is now documented as deprecated in the README and defaults file.

Tested on Debian 12 and Debian 13.
2026-05-04 13:37:39 +02:00

---
# Pip-in-venv install — EFF's recommended path now that certbot-auto is gone.
# https://certbot.eff.org/instructions?os=pip
# Debian-family only; RedHat goes through setup-RedHat.yml + package install.
- name: Install certbot pip prerequisites.
  ansible.builtin.apt:
    name:
      - python3
      - python3-dev
      - python3-venv
      - libaugeas-dev
      - gcc
    state: present
    update_cache: true
    cache_valid_time: 3600

- name: Install certbot in a venv via pip.
  ansible.builtin.pip:
    name: certbot
    state: "{{ 'latest' if certbot_keep_updated else 'present' }}"
    virtualenv: "{{ certbot_dir }}"
    virtualenv_command: python3 -m venv

- name: Install certbot pip plugins.
  ansible.builtin.pip:
    name: "{{ certbot_pip_extra_packages }}"
    state: "{{ 'latest' if certbot_keep_updated else 'present' }}"
    virtualenv: "{{ certbot_dir }}"
  when: certbot_pip_extra_packages | length > 0

- name: Symlink certbot binary onto PATH.
  ansible.builtin.file:
    src: "{{ certbot_dir }}/bin/certbot"
    dest: /usr/local/bin/certbot
    state: link

- name: Set Certbot script variable.
  ansible.builtin.set_fact:
    certbot_script: "{{ certbot_dir }}/bin/certbot"
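
A post-install check for the tasks above, as an added example that is not part of the role: it confirms that the symlink on PATH points at the venv binary, that the binary is root-owned and not group- or world-writable, and that certbot runs. The file name verify-pip-install.yml and the register names are assumptions, as is running the role as root.

```yaml
---
# Added example (hypothetical tasks/verify-pip-install.yml), not part of the role.
# Assumes certbot_dir is set as in install-with-pip.yml and the play runs as root.
- name: Inspect the certbot symlink on PATH.
  ansible.builtin.stat:
    path: /usr/local/bin/certbot
    follow: false
  register: certbot_link

- name: Inspect the venv binary the symlink should point at.
  ansible.builtin.stat:
    path: "{{ certbot_dir }}/bin/certbot"
  register: certbot_bin

# /usr/local/bin is on root's PATH, so the link target must not be
# replaceable by an unprivileged user.
- name: Assert the symlink targets the venv and the binary is locked down.
  ansible.builtin.assert:
    that:
      - certbot_link.stat.exists
      - certbot_link.stat.islnk
      - certbot_link.stat.lnk_target == certbot_dir ~ '/bin/certbot'
      - certbot_bin.stat.exists
      - certbot_bin.stat.pw_name == 'root'
      - not certbot_bin.stat.wgrp
      - not certbot_bin.stat.woth
    fail_msg: "certbot symlink or venv binary is not in the expected state"

# The command module fails the play on a non-zero exit code.
- name: Confirm certbot runs from the venv.
  ansible.builtin.command: "{{ certbot_dir }}/bin/certbot --version"
  register: certbot_version
  changed_when: false
```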