Ansible Certbot

Using Ansible to install a lets encrypt certificate

Using geerlinguy.certbot we can create a playbook that uses this role to install a certificate.

To install the role: ansible-galaxy install geerlinguy.certbot -p This will install it into the path of

vars:
    certbot_create_if_missing: yes
    certbot_create_method: standalone
    certbot_admin_email: simon@bawesomedomain.co.uk
    certbot_certs:
    - domains:
        - awesomedomain.co.uk
        - www.awesomedomain.co.ukS
    certbot_create_standalone_stop_services:
      - nginx
 roles:
   - geerlingguy.certbot

By default this role will create a cron job which will run under the user you have given Ansible.

Here is the default variables for the cron job that you can change:

certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user }}"
certbot_auto_renew_hour: 3
certbot_auto_renew_minute: 30
certbot_auto_renew_options: "--quiet --no-self-upgrade"

If we were to put one of the above variables into the playbook then it would look like the following:

vars:
    certbot_create_if_missing: yes
    certbot_create_method: standalone
    certbot_admin_email: simon@bawesomedomain.co.uk
    certbot_certs:
    - domains:
        - awesomedomain.co.uk
        - www.awesomedomain.co.uk
    certbot_create_standalone_stop_services:
      - nginx
    certbot_auto_renew: false
 roles:
   - geerlingguy.certbot