forked from coopdevs/certbot_nginx
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request coopdevs#12 from coopdevs/update_README_multiple_c…
…ertificates Update the README with the multiple certificates creation information
- Loading branch information
Showing
1 changed file
with
40 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,7 +7,7 @@ This role will: | |
| 1. Add `certbot` PPA repository | ||
| 2. Install `certbot` and `python-certbot-nginx` packages | ||
| 3. `certbot` package will add a `renew` cron job and a systemd-timer ([More info](https://certbot.eff.org/#ubuntuxenial-nginx) | ||
| 4. Generate a Let's Encrypt SSL certificate for the given `domain_name` | ||
| 4. Generate a Let's Encrypt SSL certificates for the given `domain_name`. | ||
|
|
||
| Role Variables | ||
| -------------- | ||
|
|
@@ -21,19 +21,55 @@ certbot_nginx_version: 0.31.0-1+ubuntu{{ ansible_distribution_version }}.1+certb | |
| if set, `certbot_nginx_cert_name`'s value will be passed to the certbot's `--cert-name` argument, which is used to identify the certificate in certbot command such as `certbot delete`. You will see a list of certificates identified with this name by running `certbot certificates`. This name will also be used as the file paths for the certificate in `/etc/letsencrypt/live/`. | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
| Example Playbook - Single certificate | ||
| ------------------------------------- | ||
|
|
||
| ```yaml | ||
| # Playbook | ||
| - hosts: servers | ||
| roles: | ||
| - role: coopdevs.certbot_nginx | ||
| vars: | ||
| domain_name: www.mydomain.io | ||
| letsencrypt_email: [email protected] | ||
| certbot_nginx_cert_name: mycert | ||
| ``` | ||
|
|
||
| Example Playbook - Multiple certificates creation | ||
| ------------------------------------------------- | ||
|
|
||
| Also allow to generate and manage multiple certificates in the same host. | ||
| You can define the var `domain_names` and configure a role to incude the this role in a loop. | ||
|
|
||
| ```yaml | ||
| # Playbook | ||
| - hosts: servers | ||
| roles: | ||
| - role: coopdevs.certbot_nginx | ||
| vars: | ||
| letsencrypt_email: [email protected] | ||
| - role: certificates | ||
| vars: | ||
| domain_names: | ||
| - community.coopdevs.org | ||
| - forms.coopdevs.org | ||
| ``` | ||
|
|
||
| Create a custom role including the `certbot_nginx` role that generates the certificates: | ||
|
|
||
| ```yaml | ||
| # certificates.yml Role | ||
| --- | ||
| - name: Install SSL certificates | ||
| include_role: | ||
| name: vendor/coopdevs.certbot_nginx | ||
| tasks_from: certificate.yml | ||
| with_items: "{{ domain_names }}" | ||
| loop_control: | ||
| loop_var: domain_name | ||
| ``` | ||
|
|
||
| > You need to declare the `loop_control` to map the `item` var of the `with_item` loop with the `loop_var` value as `domain_name`. See the [`loop_controll` doc](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html?highlight=loop_control#loop-control) | ||
|
|
||
| Let's Encrypt Staging Environment | ||
| --------------------------------- | ||
|
|
||
|
|
||