An Ansible role to issue and revoke Let's Encrypt SSL certificates using OVH and Cloudflare DNS challenges.
This role has no specific requirements.
# SSL certificates
certbot_certs:
- domains:
- one.domain.com
- two.domain.com
- three.domain.com
challenge: dns-ovh # see supported challenges
expand: false # true | false (default 'false')
post_hook: systemctl reload nginx # post-hook command
state: present # present | revoked
# E-mail address for Let's Encrypt account
certbot_email_address: me@domain.com
# OVH DNS challenge settings (see https://certbot-dns-ovh.readthedocs.io/)
certbot_dns_ovh_config_file_path: /etc/certbot-dns-ovh.ini
certbot_dns_ovh_endpoint: ovh-eu
certbot_dns_ovh_application_key: MDAwMDAwMDAwMDAw
certbot_dns_ovh_application_secret: MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
certbot_dns_ovh_consumer_key: MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
# DNS propagation in seconds
certbot_dns_propagation_seconds: 30
# Certbot issue command
certbot_commmand: certbot
certbot_arguments:
- --non-interactive
- --agree-tos
- --no-eff-email
- --no-redirect
certbot_challenges_arguments:
dns-ovh:
- --dns-ovh
- --dns-ovh-credentials {{ certbot_dns_ovh_config_file_path }}
- --dns-ovh-propagation-seconds {{ certbot_dns_propagation_seconds }}
dns-cloudflare: # FIXME: to be completed
- --dns-cloudflare
This role supports the following DNS challenges:
- OVH: https://certbot-dns-ovh.readthedocs.io/ (
challenge=dns-ovh
) - Cloudflare: https://certbot-dns-cloudflare.readthedocs.io
(
challenge=dns-cloudflare
)
You can specify a different challenge for each domains, with the challenge
key into the certbot_certs
element.
This role has no dependecies.
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- role: mmartinello.certbot
vars:
certbot_certs:
- domains:
- foo.domain.com
- bar.domain.com
challenge: dns-ovh
post_hook: systemctl reload nginx
state: present
certbot_email_address: mail@domain.com
certbot_dns_ovh_application_key: <my_application_key>
certbot_dns_ovh_application_secret: <my_application_secret>
certbot_dns_ovh_consumer_key: <my_consumer_key>
MIT
Mattia Martinello 🇮🇹 🗺️
Are very welcomed here!