Compare commits
14 Commits
Author | SHA1 | Date |
---|---|---|
Nick Janetakis | 76c835e9f7 | |
Robert O'Connor | 88a086a9ee | |
Nick Janetakis | b6e1406320 | |
Robert O'Connor | e67b700070 | |
Nick Janetakis | dbf0abd5fd | |
Nick Janetakis | 5c310a3c5d | |
Nick Janetakis | f5f32583dc | |
Tim Bo | 333c0b31fb | |
Nick Janetakis | c8a90f6c57 | |
Alexander Trost | e9fade4a5d | |
Nick Janetakis | f784b8b8e9 | |
Nick Janetakis | e7d8204c83 | |
Nick Janetakis | 8b46e34030 | |
Nick Janetakis | 5dfff8d4a4 |
|
@ -1,5 +1,12 @@
|
|||
# Changelog
|
||||
|
||||
### v1.1.0
|
||||
|
||||
*Released: February 25th 2021*
|
||||
|
||||
- Change `apt` to `package` so the role works with CentOS and potentially other non-Debian distros
|
||||
- Ensure certificate info task isn't run when Ansible is run in check mode
|
||||
|
||||
### v1.0.0
|
||||
|
||||
*Released: September 29th 2018*
|
||||
|
|
41
README.md
41
README.md
|
@ -10,7 +10,7 @@ It is an [Ansible](http://www.ansible.com/home) role to:
|
|||
|
||||
## Why would you want to use this role?
|
||||
|
||||
This role uses [acme.sh](https://github.com/Neilpang/acme.sh) which is a self
|
||||
This role uses [acme.sh](https://github.com/acmesh-official/acme.sh) which is a self
|
||||
contained Bash script to handle all of the complexities of issuing and
|
||||
automatically renewing your SSL certificates.
|
||||
|
||||
|
@ -52,8 +52,12 @@ webroot, nginx or Apache but nothing is set in stone.
|
|||
# needs to already exist, this role will not create it.
|
||||
acme_sh_become_user: "root"
|
||||
|
||||
# acme.sh package dependencies. The default values are for Debian / Ubuntu.
|
||||
# For CentOS and Fedora you can replace "cron" with "crond".
|
||||
acme_sh_dependencies: ["cron", "git", "wget"]
|
||||
|
||||
# The acme.sh repo to clone.
|
||||
acme_sh_git_url: "https://github.com/Neilpang/acme.sh"
|
||||
acme_sh_git_url: "https://github.com/acmesh-official/acme.sh"
|
||||
|
||||
# The branch, tag or commit that will be cloned.
|
||||
acme_sh_git_version: "master"
|
||||
|
@ -66,7 +70,7 @@ acme_sh_git_update: False
|
|||
# Where will this repo get cloned to?
|
||||
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
||||
|
||||
# When enabled, acme.me will upgrade itself to the latest version which is
|
||||
# When enabled, acme.sh will upgrade itself to the latest version which is
|
||||
# separate from updating the git repo. That's because acme.sh installs itself
|
||||
# with an installer after cloning the source code.
|
||||
#
|
||||
|
@ -141,9 +145,8 @@ acme_sh_default_debug: False
|
|||
|
||||
# Which DNS provider should you use?
|
||||
# A list of supported providers can be found at:
|
||||
# https://github.com/Neilpang/acme.sh#7-automatic-dns-api-integration
|
||||
# As for getting the name to use, you can find that at:
|
||||
# https://github.com/Neilpang/acme.sh/tree/master/dnsapi
|
||||
# https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
|
||||
# As for getting the name to use, you can find that at the url above as well.
|
||||
#
|
||||
# It defaults to DigitalOcean. Make sure to include the dns_ part of the name,
|
||||
# but leave off the .sh file extension.
|
||||
|
@ -151,7 +154,7 @@ acme_sh_default_dns_provider: "dns_dgon"
|
|||
|
||||
# What are your DNS provider's API key(s)?
|
||||
# The key names to use can be found at:
|
||||
# https://github.com/Neilpang/acme.sh/tree/master/dnsapi
|
||||
# https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
|
||||
#
|
||||
# The API key can be created on your DNS provider's website. Some providers
|
||||
# require 1 key, while others require 2+. Just add them as key / value pairs here
|
||||
|
@ -240,14 +243,13 @@ acme_sh_default_remove: False
|
|||
# Here's an example with every available option documented, and a couple of real
|
||||
# examples will also be included in the example section of this README:
|
||||
acme_sh_domains:
|
||||
# A list of 1 or more domains, you can use ["*.example.com" ,"example.com] for
|
||||
# setting a wildcard + root domain certificate. Domains listed here will
|
||||
# all belong to the same certificate. If you want separate certificate files
|
||||
# then create a new "domains:" item in the list.
|
||||
# A list of 1 or more domains, you can use ["example.com", "*.example.com"] or
|
||||
# ["*.example.com", "example.com"] for setting a wildcard certificate along with
|
||||
# the root domain certificate in the same file. The first domain in the list
|
||||
# will end up being used as the base file name for the certificate name.
|
||||
#
|
||||
# The first domain in the list will end up being used as a base file name for
|
||||
# the certificate name. In this case it would be "example.com.pem".
|
||||
# - domains: ["example.com", "www.example.com]
|
||||
# If you want separate files then create a new "domains:" item in the list.
|
||||
# - domains: ["example.com", "www.example.com", "admin.example.com"]
|
||||
# # Optionally override the default staging variable. This overall pattern lets
|
||||
# # you situationally override the defaults listed above for each domain list.
|
||||
# staging: False
|
||||
|
@ -276,9 +278,6 @@ acme_sh_domains:
|
|||
# extra_issue_renew_hook: ""
|
||||
# # Optionally remove and disable the certificate.
|
||||
# remove: True
|
||||
|
||||
# How long should the apt-cache last in seconds?
|
||||
acme_sh_apt_cache_time: 86400
|
||||
```
|
||||
|
||||
## Example usage
|
||||
|
@ -296,7 +295,7 @@ To use this role edit your `site.yml` file to look something like this:
|
|||
become: True
|
||||
|
||||
roles:
|
||||
- { role: "nickjj.acme-sh", tags: ["acme-sh"] }
|
||||
- { role: "nickjj.acme_sh", tags: ["acme_sh"] }
|
||||
```
|
||||
|
||||
Here's a few examples. You can recreate this example on your end by opening or
|
||||
|
@ -380,16 +379,16 @@ acme_sh_domains:
|
|||
*If you're looking for an Ansible role to create users, then check out my
|
||||
[user role](https://github.com/nickjj/ansible-user)*.
|
||||
|
||||
Now you would run `ansible-playbook -i inventory/hosts site.yml -t acme-sh`.
|
||||
Now you would run `ansible-playbook -i inventory/hosts site.yml -t acme_sh`.
|
||||
|
||||
## Installation
|
||||
|
||||
`$ ansible-galaxy install nickjj.acme-sh`
|
||||
`$ ansible-galaxy install nickjj.acme_sh`
|
||||
|
||||
## Ansible Galaxy
|
||||
|
||||
You can find it on the official
|
||||
[Ansible Galaxy](https://galaxy.ansible.com/nickjj/acme-sh/) if you want to
|
||||
[Ansible Galaxy](https://galaxy.ansible.com/nickjj/acme_sh/) if you want to
|
||||
rate it.
|
||||
|
||||
## License
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
acme_sh_become_user: "root"
|
||||
|
||||
acme_sh_git_url: "https://github.com/Neilpang/acme.sh"
|
||||
acme_sh_dependencies: ["cron", "git", "wget"]
|
||||
|
||||
acme_sh_git_url: "https://github.com/acmesh-official/acme.sh"
|
||||
acme_sh_git_version: "master"
|
||||
acme_sh_git_update: False
|
||||
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
||||
|
@ -42,5 +44,3 @@ acme_sh_default_issue_renew_hook: ""
|
|||
acme_sh_default_remove: False
|
||||
|
||||
acme_sh_domains: []
|
||||
|
||||
acme_sh_apt_cache_time: 86400
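Review bot: The new `acme_sh_git_url` default sits next to an unchanged `acme_sh_git_version: "master"`, so the role clones the branch tip of the relocated repository and runs its installer as `acme_sh_become_user`, which defaults to `"root"`. Nothing in these defaults lets a reader see which upstream revision actually gets installed on a given run. I would either default the version to a pinned value, `acme_sh_git_version: "<release tag or commit SHA>"`, or at least add a comment above it such as `# Pin to a release tag or commit SHA for reproducible installs; "master" follows whatever upstream publishes.` The rest of the defaults file is outside the two hunks shown here.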
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
galaxy_info:
|
||||
role_name: "acme-sh"
|
||||
role_name: "acme_sh"
|
||||
author: "Nick Janetakis"
|
||||
description: "Install and auto-renew SSL certificates with Let's Encrypt using acme.sh."
|
||||
license: "license (MIT)"
|
||||
|
@ -18,7 +18,9 @@ galaxy_info:
|
|||
- "stretch"
|
||||
|
||||
galaxy_tags:
|
||||
- "acme"
|
||||
- "https"
|
||||
- "letsencrypt"
|
||||
- "networking"
|
||||
- "security"
|
||||
- "ssl"
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Install dependencies
|
||||
apt:
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
update_cache: True
|
||||
cache_valid_time: "{{ acme_sh_apt_cache_time }}"
|
||||
loop: ["cron", "git", "wget"]
|
||||
state: "present"
|
||||
loop: "{{ acme_sh_dependencies }}"
|
||||
when: not acme_sh_uninstall
|
||||
|
||||
- name: Create git clone path
|
||||
|
@ -17,7 +16,7 @@
|
|||
mode: "0755"
|
||||
when: not acme_sh_uninstall
|
||||
|
||||
- name: Git clone https://github.com/Neilpang/acme.sh
|
||||
- name: Git clone https://github.com/acmesh-official/acme.sh
|
||||
git:
|
||||
repo: "{{ acme_sh_git_url }}"
|
||||
version: "{{ acme_sh_git_version }}"
|
||||
|
@ -187,6 +186,7 @@
|
|||
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
|
||||
group: "{{ acme_sh_become_user }}"
|
||||
owner: "{{ acme_sh_become_user }}"
|
||||
mode: "0644"
|
||||
loop:
|
||||
- "{{ acme_sh_domains }}"
|
||||
when:
|
||||
|
@ -230,4 +230,4 @@
|
|||
- name: List acme.sh certificate information
|
||||
debug:
|
||||
msg: "{{ list_domains.stdout_lines }}"
|
||||
when: acme_sh_list_domains and not acme_sh_uninstall
|
||||
when: not ansible_check_mode and acme_sh_list_domains and not acme_sh_uninstall
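Review bot: `mode: "0644"` in the `@ -187,6 +186,7` hunk is applied to the pattern `{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*`, which presumably covers the private key as well as the certificate, so the key would become readable by every local user. The hunk header shows exactly one added line and this looks like it, although the rendered page has lost the +/- markers. Consider splitting the task so the key file gets `mode: "0600"` (or `"0640"` with a dedicated group) and only the certificate and chain get `"0644"`. The task's name and its `when:` conditions lie outside the hunk, so confirm there which files the pattern really touches.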
|
||||
|
|
|
@ -14,13 +14,18 @@
|
|||
name: "{{ acme_sh_become_user }}"
|
||||
shell: "/bin/bash"
|
||||
|
||||
- name: Run the equivalent of "apt-get update"
|
||||
apt:
|
||||
update_cache: true
|
||||
changed_when: false
|
||||
|
||||
post_tasks:
|
||||
- name: Ensure acme.me was cloned
|
||||
- name: Ensure acme.sh was cloned
|
||||
command: test -d /usr/local/src/acme.sh
|
||||
register: result_cloned
|
||||
changed_when: result_cloned.rc != 0
|
||||
|
||||
- name: Ensure acme.me was installed
|
||||
- name: Ensure acme.sh was installed
|
||||
command: ./acme.sh --version
|
||||
args:
|
||||
chdir: "~/.acme.sh"
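Review bot: The added pre-task calls the `apt` module unconditionally, while the same change set switches the role itself to `package` so that it works on CentOS; this test playbook will therefore still fail on any non-Debian host. Guarding the task with `when: ansible_os_family == "Debian"` keeps the cache refresh for Debian / Ubuntu and lets the test run elsewhere. The play header and the earlier pre-tasks are outside the hunk, so an existing host restriction there would make this unnecessary.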
|
||||
|
|