Install simp_le, generate certificates and renew them automatically on Debian/Ubuntu servers.
Renewal happens every month via a cron job run by the Ansible remote user.
See the role on Ansible Galaxy: L-P.simp_le
# Variables with defaults
simp_le_repo: # simp_le repository
simp_le_version: # commit/version to clone
simp_le_dest: # where to clone, by default in ~/.cache
simp_le_vhosts: []
simp_le_email: ""
A list of virtual hosts for which we'll generate certificates, e.g.:
simp_le_vhosts:
  - vhost: "example.com"
    root: "/path/to/challenges" # accessible via HTTP
    output: "/path/to/output/dir" # where to write the certificates
An identifying email to use with the Let's Encrypt API, e.g.:
simp_le_email: "[email protected]"
Your server needs to serve the challenge files over HTTP. Here is an example nginx configuration that redirects every HTTP request to HTTPS except for the challenges:
location /.well-known/acme-challenge/ {
    alias /var/www/challenges/.well-known/acme-challenge/;
    try_files $uri @forward_https;
}
location @forward_https {
    return 301 https://example.com$request_uri;
}
location / {
    return 301 https://example.com$request_uri;
}
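An added example, not part of the role: a Python check over `simp_le_vhosts` entries that flags an `output` directory placed under the HTTP-served `root`, and key files that group or other can access. It assumes private material is written to files with `key` in the name (for instance `key.pem`); the function name `audit_vhost` is hypothetical.

```python
import os
import stat
import tempfile


def audit_vhost(entry):
    """Return findings for one simp_le_vhosts entry (dict with root/output)."""
    findings = []
    root = os.path.realpath(entry["root"])
    output = os.path.realpath(entry["output"])

    # The challenge root is served over plain HTTP; nothing secret may live
    # under it, so the certificate output dir must sit outside that tree.
    if os.path.commonpath([root, output]) == root:
        findings.append("output dir is inside the HTTP-served root")

    if not os.path.isdir(output):
        findings.append("output dir does not exist")
        return findings

    # Assumption: private material is in files with "key" in the name.
    for name in sorted(os.listdir(output)):
        if "key" not in name.lower():
            continue
        mode = stat.S_IMODE(os.stat(os.path.join(output, name)).st_mode)
        if mode & 0o077:
            findings.append(f"{name} is accessible to group/other (mode {mode:o})")
    return findings


if __name__ == "__main__":
    # Constructed sample layout, not paths from the role.
    base = tempfile.mkdtemp()
    root = os.path.join(base, "challenges")
    output = os.path.join(root, "certs")  # deliberately misplaced
    os.makedirs(output)
    key = os.path.join(output, "key.pem")
    open(key, "w").close()
    os.chmod(key, 0o644)  # deliberately too open
    entry = {"vhost": "example.com", "root": root, "output": output}
    for finding in audit_vhost(entry):
        print(f"{entry['vhost']}: {finding}")
```

Run it as the same user that owns the cron job, since that user creates the files in `output`.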
- hosts: all
  roles:
    - {role: "L-P.simp_le", sudo: no}