forked from evolix/ansible-roles
Victor LABORIE
d3310007c3
- Don't generate dhparams (not evoacme role) - Generate ssl conf file for vhost
1.6 KiB
1.6 KiB
Evoacme 1.5
EvoAcme is an Ansible role and a Certbot wrapper for generate Let's Encrypt certificates.
It is a project hosted at Evolix's forge
How to install
1 - Create a playbook with evoacme role
---
- hosts: hostname
become: yes
roles:
- role: evoacme
2 - Install evoacme prerequisite with ansible
ansible-playbook playbook.yml -Kl hostname
3 - Include letsencrypt.conf in your webserver
For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.
For Nginx, you must include letsencrypt.conf in all wanted vhost :
include /etc/nginx/letsencrypt.conf;
nginx -t
service nginx reload
4 - Create a CSR for a vhost with make-csr
# make-csr look for this file :
# /etc/nginx/sites-enabled/vhostname
# /etc/nginx/sites-enabled/vhostname.conf
# /etc/apache2/sites-enabled/vhostname
# /etc/apache2/sites-enabled/vhostname.conf
make-csr vhostname
5 - Generate the certificate with evoacme
# evoacme look for /etc/ssl/requests/vhostname
# vhostname was the same used by make-csr
evoacme vhostname
6 - Include ssl configuration
Sll configuration has generated, you must include it in your vhost.
For Apache :
Include /etc/apache2/ssl/vhost.conf
For Nginx :
include /etc/nginx/ssl/vhost.conf;
# License
Evoacme is open source software licensed under the AGPLv3 License.