Allow for easily setting the default CA: default to Letsencrypt.org

Robert O'Connor 2021-06-22 18:25:31 -04:00
parent 76c835e9f7
commit 285ddfc713
No known key found for this signature in database
GPG Key ID: 1DB67AA126AFFA8D
3 changed files with 7 additions and 0 deletions


@ -117,6 +117,10 @@ acme_sh_copy_certs_to_path: "/etc/ssl/ansible"
# You can disable this by setting it to False.
acme_sh_list_domains: True
# Set the default CA to use, acme.sh defaults to ZeroSSL.
# For all the options, see https://github.com/acmesh-official/acme.sh/wiki/Server
acme_sh_default_ca: "letsencrypt"
# When set to False, it will use the live Let's Encrypt servers, so please make
# sure everything works with staging True or you may find yourself rate limited.
#


@ -20,6 +20,8 @@ acme_sh_copy_certs_to_path: "/etc/ssl/ansible"
acme_sh_list_domains: True
acme_sh_default_ca: "letsencrypt"
acme_sh_default_staging: True
acme_sh_default_force_issue: False
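Review bot: The new `acme_sh_default_ca: "letsencrypt"` sits directly above `acme_sh_default_staging: True`, but nothing here says how the two combine. As far as I know, acme.sh's staging switch only picks a staging directory when no server is given explicitly, so once the issue task passes `--server`, staging True may no longer keep runs off the live CA and its rate limits; this needs confirming against the acme.sh version the role installs and against how the task passes staging, which is not visible in this section. If it holds, either document it next to the variable, e.g. `# With staging enabled, point this at the CA's staging endpoint (e.g. "letsencrypt_test")`, or have the task derive the staging server name itself.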


@ -137,6 +137,7 @@
- name: Issue acme.sh certificate(s) (this will sleep for dns_sleep seconds)
command: >-
./acme.sh --issue -d {{ item.domains | join(" -d ") }}
--set-default-ca --server {{ acme_sh_default_ca }}
--dns {{ item.dns_provider | default(acme_sh_default_dns_provider) }}
--dnssleep {{ item.dns_sleep | default(acme_sh_default_dns_sleep) }}
{{ "--force" if item.force_issue | default(acme_sh_default_force_issue) else "" }}
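Review bot: `--set-default-ca` is added to the same command line as `--issue`, and acme.sh treats both as commands rather than options; as far as I recall the later one wins, so this invocation may only store the default CA and never issue a certificate, which is worth verifying against the acme.sh version the role installs. `--server` alone selects the CA for an issue run, so the added line could be `--server {{ acme_sh_default_ca | quote }}`, with a separate task running `./acme.sh --set-default-ca --server ...` if a persistent default is wanted. The `quote` filter matters because the command module splits this string into arguments, so a CA value containing whitespace would become extra acme.sh flags. The neighbouring options accept a per-item override (`item.dns_provider | default(...)`), which the CA does not; `item.ca | default(acme_sh_default_ca)` would keep the task consistent. The task continues past the end of this hunk.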