-2

I want to do the following using ansible:

letsencrypt certonly --agree-tos --standalone \
    --cert-name <certname from certificates> \
    -d <domain> \
    -d <www.domain> \
    -d <new.domain>

Is this the best way to do it or is there a better way?

- block:
  - name: Create SSL certificate
    command: >
      letsencrypt certonly
      --agree-tos
      --standalone
      --cert-name {{ ansible_hostname }}
      -d {{ _server_name }}
    register: letsencrypt_output
    changed_when: not "no action taken" in letsencrypt_output.stdout
Zeitounator
Vishal
    Have you tried https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html (acme_certificate module)? – George Shuklin Aug 13 '22 at 19:08

1 Answer

0

I use about the same, no issues so far. Maybe it helps.

# install letsencrypt and create certificate for domain:
- name: install le
  apt:
    name: letsencrypt
    state: present
    update_cache: yes
  tags: le
- name: stop apache2
  service:
    name: apache2
    state: stopped
  tags: le
  ignore_errors: yes
- name: create certificate - standalone
  command: "certbot certonly --standalone -d {{ certbot_site_name }} -m {{ certbot_mail_address }} --agree-tos --noninteractive"
  tags: le

- name: add hooks for renewal
  lineinfile:
    path: /etc/letsencrypt/renewal/{{ certbot_site_name }}.conf
    line: "{{ item }}"
    insertafter: EOF
  with_items:
    - "post_hook = systemctl start apache2"
    - "pre_hook = systemctl stop apache2"
  tags: le

- name: start apache2
  service:
    name: apache2
    state: started
  tags: le
Martin O.
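
A variant of the tasks above that requests one certificate for several domains in a single repeatable task, added here as an example and not taken from either post. The host group `web` and the values of `cert_name`, `cert_email` and `cert_domains` are assumptions; the `apache2` hooks and the "no action taken" check are carried over from the posts.

```yaml
# Added example (not from the original posts).
# Assumed names/values: host group "web", cert_name, cert_email, cert_domains.
- hosts: web
  become: true
  vars:
    cert_name: example.com
    cert_email: admin@example.com
    cert_domains:
      - example.com
      - www.example.com
      - new.example.com
  tasks:
    - name: Install certbot (package name as used in the answer)
      ansible.builtin.apt:
        name: letsencrypt
        state: present
        update_cache: true

    - name: Request or extend the certificate with the standalone authenticator
      ansible.builtin.command:
        # argv runs certbot without a shell: every element is passed as one
        # argument, so a value in cert_domains cannot add shell syntax.
        argv:
          - certbot
          - certonly
          - --standalone
          - --non-interactive
          - --agree-tos
          - --keep-until-expiring   # leave a still-valid certificate alone
          - --expand                # allow adding names to an existing cert
          - --cert-name
          - "{{ cert_name }}"
          - -m
          - "{{ cert_email }}"
          # Hooks given here are stored by certbot in the renewal config and
          # run only when a certificate is actually requested or renewed,
          # so apache2 is not stopped on a run that does nothing.
          - --pre-hook
          - systemctl stop apache2
          - --post-hook
          - systemctl start apache2
          # certbot accepts a comma-separated list for -d.
          - -d
          - "{{ cert_domains | join(',') }}"
      register: certbot_result
      # Same check as in the question: report "changed" only when certbot
      # did something.
      changed_when: "'no action taken' not in certbot_result.stdout"
```

Because the hooks are passed on the command line, the separate stop/start tasks and the `lineinfile` edit of the renewal file are not needed in this variant.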