
# Certbot role

Deploy Let's Encrypt certificates.
## Usage

Configure the role.

```yaml
# https://hub.docker.com/r/certbot/certbot
certbot_image: certbot/certbot
certbot_build_image: true # default: false
certbot_hostname: cert01
certbot_data_dir: /usr/share/cert # default: "/usr/share/{{ certbot_hostname }}"
certbot_email: info@example.com
# https://hub.docker.com/_/nginx/
nginx_image: nginx:1.25.2-alpine
nginx_hostname: nginx01
nginx_data_dir: /usr/share/nginx # default: "/usr/share/{{ nginx_hostname }}"
nginx_proxies: # See nginx role for reference
```

And include it in your playbook.

```yaml
- hosts: certbot
  roles:
  - role: certbot
```

## Docs
### Install Certbot command line tools

The installation script requires that you have sudo access to root.

Run `curl -L https://raw.githubusercontent.com/mint-system/ansible-build/main/roles/certbot/files/install | bash` in your terminal.
### FreeDNS Authenticator

Set `certbot_build_image`, `certbot_authenticator` and `certbot_preferred_challenges` in the hosts inventory. Pass the FreeDNS credentials using `certbot_secrets`. Here is an example:

```yaml
certbot_build_image: true
certbot_preferred_challenges: dns # default: http
certbot_authenticator: dns-freedns
certbot_secrets:
  - file: credentials.ini
    content: |
      dns_freedns_username = example
      dns_freedns_password = {{ vault_dns_freedns_password }}
```

### Wildcard certificates

For wildcard certificates set `certbot_preferred_challenges: dns`. This will intentionally fail the certbot challenge and give you a manual command, which must be executed on the server.
### Test acme challenge

Create a challenge file on the server.

```bash
NGINX_CONTAINER=$(docker ps -f "name=nginx" -q | tail -n1)
docker exec "$NGINX_CONTAINER" mkdir -p /var/www/certbot/.well-known/acme-challenge/
docker exec "$NGINX_CONTAINER" touch /var/www/certbot/.well-known/acme-challenge/RrBNIkijbPhfpxtCud7mKBHB9DwaJsmOvmhtnzb4fx4
```

Verify the challenge file on another server.

```bash
DOMAIN=example.com
curl -I http://$DOMAIN/.well-known/acme-challenge/RrBNIkijbPhfpxtCud7mKBHB9DwaJsmOvmhtnzb4fx4
```
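The manual test above only checks that the path answers; the CA also compares the body it fetches with the token it expects. The following script is an added example (not part of this role) that automates the same check with a fresh random token and a content comparison, so a stale file cannot give a false positive. It assumes the container filter `name=nginx`, the webroot `/var/www/certbot` from the README, and that `curl` is available where it runs.

```bash
#!/usr/bin/env bash
# HTTP-01 self-check for the certbot/nginx setup described in this README.
# Added example; assumes the nginx container matches "name=nginx" and serves /var/www/certbot.
set -eu
WEBROOT=/var/www/certbot
ACME_DIR=.well-known/acme-challenge

# Path of the challenge file relative to the webroot, as the ACME client requests it.
challenge_path() {
    printf '%s/%s\n' "$ACME_DIR" "$1"
}

# Random base64url token (43 chars), the same alphabet real ACME tokens use.
make_token() {
    head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# Write the token into a local webroot directory ($1) as its own challenge file.
write_challenge_file() {
    local root=$1 token=$2
    mkdir -p "$root/$ACME_DIR"
    printf '%s' "$token" > "$root/$(challenge_path "$token")"
}

# Fetch the URL and require a successful status (curl -f) plus an exact body match,
# which is what the CA checks. Returns 0 on success, 1 otherwise.
verify_challenge() {
    local url=$1 token=$2 body
    body=$(curl -fsS --max-time 10 "$url") || return 1
    [ "$body" = "$token" ]
}

# End-to-end run: write the token inside the nginx container, fetch it through
# the public hostname, then remove the file again.
run_check() {
    local domain=$1 token path container rc=0
    token=$(make_token)
    path=$(challenge_path "$token")
    container=$(docker ps -f "name=nginx" -q | tail -n1)
    [ -n "$container" ] || { echo "no nginx container found" >&2; return 1; }
    docker exec "$container" sh -c "mkdir -p '$WEBROOT/$ACME_DIR' && printf '%s' '$token' > '$WEBROOT/$path'"
    if verify_challenge "http://$domain/$path" "$token"; then
        echo "OK: http://$domain/$path served the expected token"
    else
        echo "FAIL: http://$domain/$path unreachable or content mismatch" >&2; rc=1
    fi
    docker exec "$container" rm -f "$WEBROOT/$path"
    return $rc
}
# Usage: ./acme-check.sh example.com
if [ "${1:-}" ]; then run_check "$1"; fi
```

Run it from a host outside the server so the request takes the same route the CA's validation would; a non-zero exit means the challenge path is not usable for HTTP-01.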