Certbot role

Deploy Let's Encrypt certificates.

Usage

Configure the role.

vars.yml

certbot_image: certbot/certbot
certbot_build_image: true # default: false
certbot_hostname: cert01
certbot_data_dir: /usr/share/cert # default: "/usr/share/{{ certbot_hostname }}"
certbot_email: info@example.com
nginx_image: nginx:1.25.2-alpine
nginx_hostname: nginx01
nginx_data_dir: /usr/share/nginx # default: "/usr/share/{{ nginx_hostname }}"
nginx_proxies: # See nginx role for reference

And include it in your playbook.

- hosts: certbot
  roles:
  - role: certbot

Docs

Install Certbot command line tools

The installation script requires that you have sudo access to root.

Run curl -L https://raw.githubusercontent.com/mint-system/ansible-build/master/roles/certbot/files/install | bash in your terminal.
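An added example, not part of the role or its install script: the same installation with the script saved to a file, reviewed, and run only if its SHA-256 matches the digest recorded at review time. The helper names and the digest placeholder are assumptions; this page lists no checksum for the script.

```bash
#!/usr/bin/env bash
# Added example (not part of the role): run a downloaded installer only if its
# SHA-256 matches a digest recorded when the script was reviewed.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE EXPECTED_SHA256 (hypothetical helper name)
# Returns 0 when the digest matches, 1 when the file is missing or differs.
verify_installer() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: expected $expected, got $actual" >&2
    return 1
  fi
}

# run_verified FILE EXPECTED_SHA256
# Executes the installer only after the digest check passes.
run_verified() {
  verify_installer "$1" "$2" && bash "$1"
}

# Typical use (needs network access, so it is left commented out):
#   curl -fsSL -o install.sh https://raw.githubusercontent.com/mint-system/ansible-build/master/roles/certbot/files/install
#   less install.sh          # review what will run with sudo
#   sha256_of install.sh     # record this digest after the review
#   run_verified install.sh "<digest recorded at review time>"
```

The URL tracks the master branch, so the file can change between the review and a later run; the digest check catches that.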

Vercel Authenticator

For https://vercel.com there are pre and post authentication scripts included. Here is an example of how to use Vercel DNS:

certbot_preferred_challenges: dns # default: http
certbot_authenticator: vercel
certbot_vercel_token: # default: "{{ vault_certbot_vercel_token }}"
certbot_vercel_team_id: example-organization

FreeDNS Authenticator

Set certbot_build_image, certbot_authenticator and certbot_preferred_challenges in the hosts inventory. Pass the FreeDNS credentials using certbot_secrets. Here is an example:

certbot_build_image: true
certbot_preferred_challenges: dns # default: http
certbot_authenticator: dns-freedns
certbot_secrets:
  - file: credentials.ini
    content: |
      dns_freedns_username = example
      dns_freedns_password = {{ vault_dns_freedns_password }}

Wildcard certificates

For wildcard certificates set certbot_preferred_challenges: dns. This will intentionally fail the certbot challenge and give you a manual command, which must be executed on the server.