coopdevs / certbot_nginx Goto Github PK

Since we merged #15 and #16 we have to "clean up" the repo:
https://travis-ci.org/coopdevs/certbot_nginx/jobs/510276548#L676

EDIT: basically line https://github.com/coopdevs/certbot_nginx/blob/master/tasks/certificate.yml#L8 is too long.

When testing playbooks using this role it may come handy to override variable in command line which would trigger using --staging in certbot standalone

https://letsencrypt.org/docs/staging-environment/

With #10 we moved the creation of the certificate to its own task certificate.yml. We did this in order to be able to create multiple certificates calling that task multiple times.

We need to add some documentation covering this use case.

Briefly the steps are:

1. Use the role as usual without passing the domain_name variable (this will not create any certificate)
2. include_role in a separate local role and call the certificate.yml multiple times (e.g. coopdevs/coopdevs-provisioning#11)

Hi coopdevs, we've encountered a need to declare multiple domains per certificate with OFN, for example for openfoodfrance.org and www.openfoodfrance.org, but potentially others as well.

It's easy to do (the command to create a certificate can take multiple domain arguments), but it means supplying a new variable or list of additional domains/subdomains and adding them into the command conditionally.

What do you think? I could submit a PR here to make the change, or we could fork this repo for ofn-install.

We need to update

To add Ubuntu Trusty. It is supposed to work in there too.

A new version needs to released and published in ansible galaxy to make #2 available.

I propose to rename this repo to certbot-nginx-role?

Just to keep coherence with the others Ansible role repositories:

• Odoo
• SysAdmins

Right now we say that only Ubuntu 16.04 is supported, instead look at https://github.com/coopdevs/certbot_nginx/blob/master/meta/main.yml#L13

TASK [coopdevs.certbot_nginx : Compare domains with domains in certificate] **************************************************************************
fatal: [server-name]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'domains' is undefined. 'domains' is undefined\n\nThe error appears to be in '/home/user/.ansible/roles/coopdevs.certbot_nginx/tasks/certificate.yml': line 29, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Compare domains with domains in certificate\n ^ here\n"}

Offending task code:

- name: Compare domains with domains in certificate
  set_fact:
    certbot_force_update: "{{ old_domains | symmetric_difference(domains) | length | bool }}"
  when: certbot_force_update is not defined

ansible-galaxy install coopdevs.certbot_nginx

[WARNING]: - coopdevs.certbot_nginx was NOT installed successfully: Unable to compare role versions (0.0.4, v0.2.0, 0.0.2, 0.0.3, v0.1.0, 0.0.1) to determine the most recent version due to incompatible
version formats. Please contact the role author to resolve versioning conflicts, or specify an explicit role version to install.

https://github.com/coopdevs/certbot_nginx#example-playbook---multiple-certificates-creation

The var letsencrypt_email is needed in the certificate.yml tasks, not in the certbot installation.

Python3 is the standard now for Ansible.

Installation of the package: python-certbot-nginx is hard-coded in:

For the plugin to work with Python3, the required package is: python3-certbot-nginx