# letsencrypt

An Ansible role to obtain and renew SSL certs from Let's Encrypt, using the
webroot authenticator.

*see also: nginx*

Dependencies
------------

The *nginx* role, with the *letsencrypt-check* feature enabled on the domains
you want to get a letsencrypt cert for.

Process to obtain and set up certs:

1. Set the vars for the nginx (mind *letsencrypt-check*) and letsencrypt roles correctly.
2. Run the nginx role.
3. Run the letsencrypt role.
4. Run the nginx role again (so that it detects the new certs, uses them, and restarts).
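
A pre-flight check to run on the target host between steps 2 and 3, added here as an example and not part of the role: it writes a probe file where the webroot authenticator places challenge files and fetches it over plain HTTP for each domain. The script name `preflight.sh`, the `WEBROOT` variable and the function names are hypothetical, and it assumes the *letsencrypt-check* vhost serves `/.well-known/acme-challenge/` from `letsencrypt_webroot_path`.

```shell
#!/bin/sh
# Pre-flight check to run on the target host between step 2 and step 3.
# Assumption: the nginx vhost maps /.well-known/acme-challenge/ on plain HTTP
# to the same directory under letsencrypt_webroot_path.

CHALLENGE_DIR=".well-known/acme-challenge"

# Print the URL a webroot challenge file is fetched from.
probe_url() {
    printf 'http://%s/%s/%s\n' "$1" "$CHALLENGE_DIR" "$2"
}

# Create a probe file (webroot, token, body) and print its path.
write_probe() {
    mkdir -p "$1/$CHALLENGE_DIR" || return 1
    printf '%s' "$3" > "$1/$CHALLENGE_DIR/$2" || return 1
    printf '%s\n' "$1/$CHALLENGE_DIR/$2"
}

# Write a probe, fetch it over plain HTTP, compare, always clean up.
# Returns 0 on an exact match, 1 on mismatch or fetch error, 2 if the
# webroot is not writable.
check_domain() {
    token="preflight-$$"
    body="preflight-$2-$$"
    path=$(write_probe "$1" "$token" "$body") || return 2
    # -f: HTTP errors give empty output; no -L: a redirect counts as a
    # failure, because the README asks for the vhost on plain HTTP.
    got=$(curl -fs --max-time 10 "$(probe_url "$2" "$token")")
    rm -f "$path"
    [ "$got" = "$body" ]
}

# Usage: WEBROOT=/var/www/html sh preflight.sh www.example.net example.net
if [ "$#" -gt 0 ]; then
    rc=0
    for d in "$@"; do
        if check_domain "${WEBROOT:-/var/www}" "$d"; then
            echo "ok   $d"
        else
            echo "FAIL $d"
            rc=1
        fi
    done
    exit "$rc"
fi
```

A `FAIL` line means the domain does not reach this webroot over plain HTTP, so the letsencrypt role would not pass validation for it either.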

Renewing is automatic. nginx is restarted after renewal.

Vars
----

Example:

     letsencrypt_webroot_path: /var/www/html
     letsencrypt_email: user@example.net
     letsencrypt_cert_domains:
      - www.example.net
      - example.net

### Required

None! If you set nothing, letsencrypt will make a cert for the server FQDN.

### Optional

- `letsencrypt_cert_domains` is a list of domains you want a LE cert for (each
  requires an nginx vhost configured with *letsencrypt-check* enabled on
  plain HTTP).
- `letsencrypt_webroot_path` is the root path that gets served by your web
  server. Defaults to `/var/www`.
- `letsencrypt_email` needs to be set to your email address. Let's Encrypt wants it. Defaults to `webmaster@{{ ansible_fqdn }}`.
- `letsencrypt_renewal_frequency` has 3 properties: `day`, `hour` and
  `minute`, which are cron time selectors (defaults to
  `{day: *, hour: 0, minute: 0}`).

Renewing
--------