mirror of
https://github.com/geerlingguy/ansible-role-certbot.git
synced 2026-05-08 04:01:20 +02:00
84e0193e31
certbot-auto was removed from the certbot repo by EFF in 2021 (see issue #204), which leaves certbot_install_method: source broken — the existing install-from-source.yml still references {{ certbot_dir }}/certbot-auto, a path that no longer exists after the git clone. This adds a new install method `pip` that follows EFF's recommended install path (https://certbot.eff.org/instructions?os=pip): create a Python venv at {{ certbot_dir }}, pip install certbot, symlink the binary onto PATH at /usr/local/bin/certbot. Plugins (e.g. certbot-dns-rfc2136, certbot-dns-cloudflare) can be opted into per-host via a new certbot_pip_extra_packages list, which installs additional pip packages into the same venv after certbot. The legacy `source` method is left in place for backwards compatibility but is now documented as deprecated in the README and defaults file. Tested on Debian 12 and Debian 13.
37 lines
906 B
YAML
37 lines
906 B
YAML
---
|
|
- import_tasks: include-vars.yml
|
|
|
|
- import_tasks: setup-RedHat.yml
|
|
when: ansible_facts.os_family == 'RedHat'
|
|
|
|
- import_tasks: install-with-package.yml
|
|
when: certbot_install_method == 'package'
|
|
|
|
- import_tasks: install-with-snap.yml
|
|
when: certbot_install_method == 'snap'
|
|
|
|
- import_tasks: install-from-source.yml
|
|
when: certbot_install_method == 'source'
|
|
|
|
- import_tasks: install-with-pip.yml
|
|
when: certbot_install_method == 'pip'
|
|
|
|
- include_tasks: create-cert-standalone.yml
|
|
with_items: "{{ certbot_certs }}"
|
|
when:
|
|
- certbot_create_if_missing
|
|
- certbot_create_method == 'standalone'
|
|
loop_control:
|
|
loop_var: cert_item
|
|
|
|
- include_tasks: create-cert-webroot.yml
|
|
with_items: "{{ certbot_certs }}"
|
|
when:
|
|
- certbot_create_if_missing
|
|
- certbot_create_method == 'webroot'
|
|
loop_control:
|
|
loop_var: cert_item
|
|
|
|
- import_tasks: renew-cron.yml
|
|
when: certbot_auto_renew
|
