thefinn93 / ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt


Renewal via cron

neuhaus opened this issue · comments

Do you plan to expand the playbook to also generate a crontab entry that will auto-renew the certificate every other month?

commented

Yes, i absolutely plan to one of these days. If you'd like to do it first, I'd welcome a pull request.

commented

Alright, so this should be as simple as running letsencrypt-renewer every day or so. I'm not entirely clear how frequently it should be run, but it seems like once a day should be okay.

There's another issue with renewals - it should automatically modify the `Header always add Public-Key-Pins` line(s) in the Apache configuration (or nginx equivalent).

Btw, you can issue five certificates for a domain in any seven day period with LE so there's no problem there

commented

This role does not modify any web server configurations currently. It uses the official Let's Encrypt client in certonly mode. Future work (maybe if you wanna submit a pull request?) can change that to make it do its apache magic, but I initially made this for personal use and I don't use apache. If it was configured to do the apache magic, I assume this is something that would automatically happen.

commented

So currently I was able to use the code in the renewal branch (as of 932c503) to sort of clean up a renewal file from, I think, just an old version of Let's Encrypt that didn't properly specify a webroot map. I've got a bunch of other places to test it against, and I'd love feedback from others on which values do and don't need to be there.

commented

I should note that this was contingent on an extremely minor change to letsencrypt-renewer, which I opened a Pull Request about

commented

So, this should work now. It edits the renewal file to make sure the webroot paths are correct and installs a cron
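The renewal-file edit the last comment describes, as an added example (not the role's own code and not the Let's Encrypt client's): it rebuilds the webroot map in a renewal config so the renewer knows where to drop challenge files for every domain. It assumes the configobj-style layout the client writes, top-level keys, a `[renewalparams]` section and a nested `[[webroot_map]]` subsection mapping domain to webroot, plus the older `webroot_path = /path,` key with its trailing comma. The function names, the sample config and the domain-to-webroot mapping are constructed for this example.

```python
"""Rewrite the [[webroot_map]] of a Let's Encrypt renewal config.

Added example, not part of the ansible-letsencrypt role. Assumes the
renewal file layout the official client writes (configobj syntax):
top-level keys, a [renewalparams] section and, nested under it, a
[[webroot_map]] subsection of "domain = /webroot" lines. Old clients
wrote only "webroot_path = /path," and an empty or missing map.
"""
import os
import re
import stat
from typing import Dict, List

TOP_RE = re.compile(r"^\[(?P<name>[^\[\]]+)\]$")     # [renewalparams]
SUB_RE = re.compile(r"^\[\[(?P<name>[^\]]+)\]\]$")   # [[webroot_map]]

# Constructed sample of a renewal file written by an old client: it has a
# single webroot_path and an empty [[webroot_map]].
SAMPLE_OLD_CONF = """\
# renew_before_expiry = 30 days
version = 0.1.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
server = https://acme-v01.api.letsencrypt.org/directory
webroot_path = /var/www/html,
[[webroot_map]]
"""


def fix_webroot_map(conf_text: str, webroots: Dict[str, str]) -> str:
    """Return conf_text with [renewalparams] webroot settings rebuilt from `webroots`.

    Every domain in `webroots` gets a map line; stale map entries for other
    domains are dropped; everything outside the map is kept as is. webroot_path
    is set to the de-duplicated list of webroots (trailing comma as the old
    client wrote it) so that clients reading only that key agree with the map.
    """
    if not webroots:
        raise ValueError("need at least one domain -> webroot mapping")
    map_lines = ["[[webroot_map]]"] + [f"{d} = {p}" for d, p in webroots.items()]
    path_line = "webroot_path = " + ", ".join(dict.fromkeys(webroots.values())) + ","

    out: List[str] = []
    section = None          # current top-level section
    in_map = False          # inside the old [[webroot_map]] body being replaced
    map_done = path_done = False

    def flush() -> None:
        """Emit whatever [renewalparams] still lacks; path must precede any [[...]]."""
        nonlocal map_done, path_done
        if not path_done:
            out.append(path_line)
            path_done = True
        if not map_done:
            out.extend(map_lines)
            map_done = True

    for line in conf_text.splitlines():
        stripped = line.strip()
        top, sub = TOP_RE.match(stripped), SUB_RE.match(stripped)
        if top:
            if section == "renewalparams":
                flush()
            section, in_map = top.group("name"), False
            out.append(line)
        elif section != "renewalparams":
            out.append(line)
        elif sub:
            if not path_done:               # keys after a [[...]] would belong to it
                out.append(path_line)
                path_done = True
            in_map = sub.group("name") == "webroot_map"
            if in_map:
                out.extend(map_lines)
                map_done = True
            else:
                out.append(line)
        elif in_map:
            continue                        # drop stale domain = /path lines
        else:
            key, _, value = stripped.partition("=")
            key, value = key.strip(), value.strip()
            if key == "authenticator" and value != "webroot":
                raise ValueError(f"authenticator is {value!r}; a webroot map makes no sense")
            if key == "webroot_path":
                out.append(path_line)
                path_done = True
            else:
                out.append(line)
    if section == "renewalparams":
        flush()
    if not map_done:
        raise ValueError("no [renewalparams] section in renewal config")
    return "\n".join(out) + "\n"


def rewrite_renewal_file(path: str, webroots: Dict[str, str]) -> bool:
    """Apply fix_webroot_map to a file in place; atomic replace, mode preserved.

    Returns True when the file changed, False when it was already correct
    (the value an Ansible task would use for `changed`).
    """
    with open(path) as fh:
        old = fh.read()
    new = fix_webroot_map(old, webroots)
    if new == old:
        return False
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(new)
    os.chmod(tmp, stat.S_IMODE(os.stat(path).st_mode))
    os.replace(tmp, path)
    return True
```

The rewrite is idempotent, so it can run on every play before the cron job fires: an unchanged file is reported as unchanged, and a config whose authenticator is not `webroot` is rejected rather than silently given a map it will never use.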