Compare commits
14 Commits
Author | SHA1 | Date |
---|---|---|
Nick Janetakis | 76c835e9f7 | |
Robert O'Connor | 88a086a9ee | |
Nick Janetakis | b6e1406320 | |
Robert O'Connor | e67b700070 | |
Nick Janetakis | dbf0abd5fd | |
Nick Janetakis | 5c310a3c5d | |
Nick Janetakis | f5f32583dc | |
Tim Bo | 333c0b31fb | |
Nick Janetakis | c8a90f6c57 | |
Alexander Trost | e9fade4a5d | |
Nick Janetakis | f784b8b8e9 | |
Nick Janetakis | e7d8204c83 | |
Nick Janetakis | 8b46e34030 | |
Nick Janetakis | 5dfff8d4a4 |
|
@ -1,5 +1,12 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
### v1.1.0
|
||||||
|
|
||||||
|
*Released: February 25th 2021*
|
||||||
|
|
||||||
|
- Change `apt` to `package` so the role works with CentOS and potentially other non-Debian distros
|
||||||
|
- Ensure certificate info task isn't run when Ansible is run in check mode
|
||||||
|
|
||||||
### v1.0.0
|
### v1.0.0
|
||||||
|
|
||||||
*Released: September 29th 2018*
|
*Released: September 29th 2018*
|
||||||
|
|
41
README.md
41
README.md
|
@ -10,7 +10,7 @@ It is an [Ansible](http://www.ansible.com/home) role to:
|
||||||
|
|
||||||
## Why would you want to use this role?
|
## Why would you want to use this role?
|
||||||
|
|
||||||
This role uses [acme.sh](https://github.com/Neilpang/acme.sh) which is a self
|
This role uses [acme.sh](https://github.com/acmesh-official/acme.sh) which is a self
|
||||||
contained Bash script to handle all of the complexities of issuing and
|
contained Bash script to handle all of the complexities of issuing and
|
||||||
automatically renewing your SSL certificates.
|
automatically renewing your SSL certificates.
|
||||||
|
|
||||||
|
@ -52,8 +52,12 @@ webroot, nginx or Apache but nothing is set in stone.
|
||||||
# needs to already exist, this role will not create it.
|
# needs to already exist, this role will not create it.
|
||||||
acme_sh_become_user: "root"
|
acme_sh_become_user: "root"
|
||||||
|
|
||||||
|
# acme.sh package dependencies. The default values are for Debian / Ubuntu.
|
||||||
|
# For CentOS and Fedora you can replace "cron" with "crond".
|
||||||
|
acme_sh_dependencies: ["cron", "git", "wget"]
|
||||||
|
|
||||||
# The acme.sh repo to clone.
|
# The acme.sh repo to clone.
|
||||||
acme_sh_git_url: "https://github.com/Neilpang/acme.sh"
|
acme_sh_git_url: "https://github.com/acmesh-official/acme.sh"
|
||||||
|
|
||||||
# The branch, tag or commit that will be cloned.
|
# The branch, tag or commit that will be cloned.
|
||||||
acme_sh_git_version: "master"
|
acme_sh_git_version: "master"
|
||||||
|
@ -66,7 +70,7 @@ acme_sh_git_update: False
|
||||||
# Where will this repo get cloned to?
|
# Where will this repo get cloned to?
|
||||||
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
||||||
|
|
||||||
# When enabled, acme.me will upgrade itself to the latest version which is
|
# When enabled, acme.sh will upgrade itself to the latest version which is
|
||||||
# separate from updating the git repo. That's because acme.sh installs itself
|
# separate from updating the git repo. That's because acme.sh installs itself
|
||||||
# with an installer after cloning the source code.
|
# with an installer after cloning the source code.
|
||||||
#
|
#
|
||||||
|
@ -141,9 +145,8 @@ acme_sh_default_debug: False
|
||||||
|
|
||||||
# Which DNS provider should you use?
|
# Which DNS provider should you use?
|
||||||
# A list of supported providers can be found at:
|
# A list of supported providers can be found at:
|
||||||
# https://github.com/Neilpang/acme.sh#7-automatic-dns-api-integration
|
# https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
|
||||||
# As for getting the name to use, you can find that at:
|
# As for getting the name to use, you can find that at the url above as well.
|
||||||
# https://github.com/Neilpang/acme.sh/tree/master/dnsapi
|
|
||||||
#
|
#
|
||||||
# It defaults to DigitalOcean. Make sure to include the dns_ part of the name,
|
# It defaults to DigitalOcean. Make sure to include the dns_ part of the name,
|
||||||
# but leave off the .sh file extension.
|
# but leave off the .sh file extension.
|
||||||
|
@ -151,7 +154,7 @@ acme_sh_default_dns_provider: "dns_dgon"
|
||||||
|
|
||||||
# What are your DNS provider's API key(s)?
|
# What are your DNS provider's API key(s)?
|
||||||
# The key names to use can be found at:
|
# The key names to use can be found at:
|
||||||
# https://github.com/Neilpang/acme.sh/tree/master/dnsapi
|
# https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
|
||||||
#
|
#
|
||||||
# The API key can be created on your DNS provider's website. Some providers
|
# The API key can be created on your DNS provider's website. Some providers
|
||||||
# require 1 key, while others require 2+. Just add them as key / value pairs here
|
# require 1 key, while others require 2+. Just add them as key / value pairs here
|
||||||
|
@ -240,14 +243,13 @@ acme_sh_default_remove: False
|
||||||
# Here's an example with every available option documented, and a couple of real
|
# Here's an example with every available option documented, and a couple of real
|
||||||
# examples will also be included in the example section of this README:
|
# examples will also be included in the example section of this README:
|
||||||
acme_sh_domains:
|
acme_sh_domains:
|
||||||
# A list of 1 or more domains, you can use ["*.example.com" ,"example.com] for
|
# A list of 1 or more domains, you can use ["example.com", "*.example.com"] or
|
||||||
# setting a wildcard + root domain certificate. Domains listed here will
|
# ["*.example.com", "example.com"] for setting a wildcard certificate along with
|
||||||
# all belong to the same certificate. If you want separate certificate files
|
# the root domain certificate in the same file. The first domain in the list
|
||||||
# then create a new "domains:" item in the list.
|
# will end up being used as the base file name for the certificate name.
|
||||||
#
|
#
|
||||||
# The first domain in the list will end up being used as a base file name for
|
# If you want separate files then create a new "domains:" item in the list.
|
||||||
# the certificate name. In this case it would be "example.com.pem".
|
# - domains: ["example.com", "www.example.com", "admin.example.com"]
|
||||||
# - domains: ["example.com", "www.example.com]
|
|
||||||
# # Optionally override the default staging variable. This overall pattern lets
|
# # Optionally override the default staging variable. This overall pattern lets
|
||||||
# # you situationally override the defaults listed above for each domain list.
|
# # you situationally override the defaults listed above for each domain list.
|
||||||
# staging: False
|
# staging: False
|
||||||
|
@ -276,9 +278,6 @@ acme_sh_domains:
|
||||||
# extra_issue_renew_hook: ""
|
# extra_issue_renew_hook: ""
|
||||||
# # Optionally remove and disable the certificate.
|
# # Optionally remove and disable the certificate.
|
||||||
# remove: True
|
# remove: True
|
||||||
|
|
||||||
# How long should the apt-cache last in seconds?
|
|
||||||
acme_sh_apt_cache_time: 86400
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Example usage
|
## Example usage
|
||||||
|
@ -296,7 +295,7 @@ To use this role edit your `site.yml` file to look something like this:
|
||||||
become: True
|
become: True
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- { role: "nickjj.acme-sh", tags: ["acme-sh"] }
|
- { role: "nickjj.acme_sh", tags: ["acme_sh"] }
|
||||||
```
|
```
|
||||||
|
|
||||||
Here's a few examples. You can recreate this example on your end by opening or
|
Here's a few examples. You can recreate this example on your end by opening or
|
||||||
|
@ -380,16 +379,16 @@ acme_sh_domains:
|
||||||
*If you're looking for an Ansible role to create users, then check out my
|
*If you're looking for an Ansible role to create users, then check out my
|
||||||
[user role](https://github.com/nickjj/ansible-user)*.
|
[user role](https://github.com/nickjj/ansible-user)*.
|
||||||
|
|
||||||
Now you would run `ansible-playbook -i inventory/hosts site.yml -t acme-sh`.
|
Now you would run `ansible-playbook -i inventory/hosts site.yml -t acme_sh`.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
`$ ansible-galaxy install nickjj.acme-sh`
|
`$ ansible-galaxy install nickjj.acme_sh`
|
||||||
|
|
||||||
## Ansible Galaxy
|
## Ansible Galaxy
|
||||||
|
|
||||||
You can find it on the official
|
You can find it on the official
|
||||||
[Ansible Galaxy](https://galaxy.ansible.com/nickjj/acme-sh/) if you want to
|
[Ansible Galaxy](https://galaxy.ansible.com/nickjj/acme_sh/) if you want to
|
||||||
rate it.
|
rate it.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
|
@ -2,7 +2,9 @@
|
||||||
|
|
||||||
acme_sh_become_user: "root"
|
acme_sh_become_user: "root"
|
||||||
|
|
||||||
acme_sh_git_url: "https://github.com/Neilpang/acme.sh"
|
acme_sh_dependencies: ["cron", "git", "wget"]
|
||||||
|
|
||||||
|
acme_sh_git_url: "https://github.com/acmesh-official/acme.sh"
|
||||||
acme_sh_git_version: "master"
|
acme_sh_git_version: "master"
|
||||||
acme_sh_git_update: False
|
acme_sh_git_update: False
|
||||||
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
acme_sh_git_clone_dest: "/usr/local/src/acme.sh"
|
||||||
|
@ -42,5 +44,3 @@ acme_sh_default_issue_renew_hook: ""
|
||||||
acme_sh_default_remove: False
|
acme_sh_default_remove: False
|
||||||
|
|
||||||
acme_sh_domains: []
|
acme_sh_domains: []
|
||||||
|
|
||||||
acme_sh_apt_cache_time: 86400
|
|
||||||
|
|
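Review bot: The new default `acme_sh_git_url` is still paired with `acme_sh_git_version: "master"`, so each fresh clone takes whatever the upstream branch holds at that moment. Going by the README text on this page, acme.sh then installs itself from that checkout under `acme_sh_become_user`, which defaults to `"root"`. Since this commit already moves the origin to a different GitHub organization, it would be a good point to default to a reviewed release tag or full commit SHA, e.g. `acme_sh_git_version: "<release-tag-or-commit-sha>"`, and leave `master` as an explicit opt-in. The README default block would need the same value so the two stay in sync.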
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
role_name: "acme-sh"
|
role_name: "acme_sh"
|
||||||
author: "Nick Janetakis"
|
author: "Nick Janetakis"
|
||||||
description: "Install and auto-renew SSL certificates with Let's Encrypt using acme.sh."
|
description: "Install and auto-renew SSL certificates with Let's Encrypt using acme.sh."
|
||||||
license: "license (MIT)"
|
license: "license (MIT)"
|
||||||
|
@ -18,7 +18,9 @@ galaxy_info:
|
||||||
- "stretch"
|
- "stretch"
|
||||||
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
|
- "acme"
|
||||||
- "https"
|
- "https"
|
||||||
|
- "letsencrypt"
|
||||||
- "networking"
|
- "networking"
|
||||||
- "security"
|
- "security"
|
||||||
- "ssl"
|
- "ssl"
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
apt:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
update_cache: True
|
state: "present"
|
||||||
cache_valid_time: "{{ acme_sh_apt_cache_time }}"
|
loop: "{{ acme_sh_dependencies }}"
|
||||||
loop: ["cron", "git", "wget"]
|
|
||||||
when: not acme_sh_uninstall
|
when: not acme_sh_uninstall
|
||||||
|
|
||||||
- name: Create git clone path
|
- name: Create git clone path
|
||||||
|
@ -17,7 +16,7 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: not acme_sh_uninstall
|
when: not acme_sh_uninstall
|
||||||
|
|
||||||
- name: Git clone https://github.com/Neilpang/acme.sh
|
- name: Git clone https://github.com/acmesh-official/acme.sh
|
||||||
git:
|
git:
|
||||||
repo: "{{ acme_sh_git_url }}"
|
repo: "{{ acme_sh_git_url }}"
|
||||||
version: "{{ acme_sh_git_version }}"
|
version: "{{ acme_sh_git_version }}"
|
||||||
|
@ -187,6 +186,7 @@
|
||||||
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
|
path: "{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*"
|
||||||
group: "{{ acme_sh_become_user }}"
|
group: "{{ acme_sh_become_user }}"
|
||||||
owner: "{{ acme_sh_become_user }}"
|
owner: "{{ acme_sh_become_user }}"
|
||||||
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- "{{ acme_sh_domains }}"
|
- "{{ acme_sh_domains }}"
|
||||||
when:
|
when:
|
||||||
|
@ -230,4 +230,4 @@
|
||||||
- name: List acme.sh certificate information
|
- name: List acme.sh certificate information
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ list_domains.stdout_lines }}"
|
msg: "{{ list_domains.stdout_lines }}"
|
||||||
when: acme_sh_list_domains and not acme_sh_uninstall
|
when: not ansible_check_mode and acme_sh_list_domains and not acme_sh_uninstall
|
||||||
|
|
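Review bot: The added `mode: "0644"` applies to every file matched by `{{ acme_sh_copy_certs_to_path }}/{{ item.domains | first }}*`, and that glob is not limited to certificate files. If the private key is installed under the same domain prefix, it becomes world-readable on each run; this is inferred, because the task that writes those files is outside the visible hunks. Consider splitting the permission step so key files get `mode: "0600"` (or `"0640"` with a dedicated group) and only the certificate and chain files get `mode: "0644"`. The enclosing task starts before this hunk and its `when:` list continues past it.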
|
@ -14,13 +14,18 @@
|
||||||
name: "{{ acme_sh_become_user }}"
|
name: "{{ acme_sh_become_user }}"
|
||||||
shell: "/bin/bash"
|
shell: "/bin/bash"
|
||||||
|
|
||||||
|
- name: Run the equivalent of "apt-get update"
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Ensure acme.me was cloned
|
- name: Ensure acme.sh was cloned
|
||||||
command: test -d /usr/local/src/acme.sh
|
command: test -d /usr/local/src/acme.sh
|
||||||
register: result_cloned
|
register: result_cloned
|
||||||
changed_when: result_cloned.rc != 0
|
changed_when: result_cloned.rc != 0
|
||||||
|
|
||||||
- name: Ensure acme.me was installed
|
- name: Ensure acme.sh was installed
|
||||||
command: ./acme.sh --version
|
command: ./acme.sh --version
|
||||||
args:
|
args:
|
||||||
chdir: "~/.acme.sh"
|
chdir: "~/.acme.sh"
|
||||||
|
|
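Review bot: The new pre-task calls the `apt` module unconditionally, so this test playbook can only run on Debian-family hosts. The role's switch to `package`, which the changelog says is for CentOS support, is therefore not exercised by it. Guarding the task with `when: ansible_os_family == "Debian"` would let the same playbook run against a CentOS target. Separately, the role no longer refreshes the package cache itself, so the README should state that callers on Debian/Ubuntu need an up-to-date cache before the role runs. The play continues outside this hunk.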