ansible-roles/evoacme/README.md

# Evoacme 2.0

The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>

Shell scripts are copied from the upstream repository after each release.
No changes must be applied directly here ; patch upstream, release then copy here.

## Install

### 1 - Create a playbook with evoacme role

~~~
---
- hosts: hostname
  become: yes
  roles:
    - evoacme
~~~

### 2 - Install evoacme prerequisite with ansible

~~~
# ansible-playbook playbook.yml -K --limit hostname
~~~

### 3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.

For Nginx, you must include `/etc/nginx/snippets/letsencrypt.conf` in all wanted vhosts :

~~~
server {
    […]
    include /etc/nginx/snippets/letsencrypt.conf;
    […]
}
~~~

then reload the Nginx configuration :

~~~
# nginx -t
# service nginx reload
~~~

### 4 - Create a CSR for a vhost with make-csr

~~~
# make-csr vhostname domain...
~~~

### 5 - Generate the certificate with evoacme

~~~
# evoacme look for /etc/ssl/requests/vhostname
# vhostname was the same used by make-csr
evoacme vhostname
~~~

### 6 - Include ssl configuration

Sll configuration has generated, you must include it in your vhost.

For Apache :

~~~
Include /etc/apache2/ssl/vhost.conf
~~~

For Nginx :

~~~
include /etc/nginx/ssl/vhost.conf;
~~~
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`# Evoacme 2.0`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: upstream version 19.11 2019-11-05 14:08:02 +01:00			`The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: upstream version 19.11 2019-11-05 14:08:02 +01:00			`Shell scripts are copied from the upstream repository after each release.`
			`No changes must be applied directly here ; patch upstream, release then copy here.`
evoacme: better documentation 2017-11-25 14:14:09 +01:00
			`## Install`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`### 1 - Create a playbook with evoacme role`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00			`---`
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`- hosts: hostname`
			`become: yes`
			`roles:`
			`- evoacme`
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`### 2 - Install evoacme prerequisite with ansible`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`# ansible-playbook playbook.yml -K --limit hostname`
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`### 3 - Include letsencrypt.conf in your webserver`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
			`For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.`

evoacme: better documentation 2017-11-25 14:14:09 +01:00			For Nginx, you must include `/etc/nginx/snippets/letsencrypt.conf` in all wanted vhosts :
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00
			`~~~`
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`server {`
			`[…]`
			`include /etc/nginx/snippets/letsencrypt.conf;`
			`[…]`
			`}`
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`then reload the Nginx configuration :`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`# nginx -t`
			`# service nginx reload`
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`### 4 - Create a CSR for a vhost with make-csr`

			`~~~`
			`# make-csr vhostname domain...`
			`~~~`

			`### 5 - Generate the certificate with evoacme`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
evoacme: - check apache conf dirs - look for vhost file with or without .conf extension 2017-01-31 15:14:20 +01:00			`# evoacme look for /etc/ssl/requests/vhostname`
			`# vhostname was the same used by make-csr`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00			`evoacme vhostname`
evoacme : fix nginx challenge, check domain in make-csr 2017-01-17 14:54:31 +01:00			`~~~`
Evoacme: merge role from evoacme private repo 2016-12-14 15:49:34 +01:00
evoacme: better documentation 2017-11-25 14:14:09 +01:00			`### 6 - Include ssl configuration`
evoacme : - Don't generate dhparams (not evoacme role) - Generate ssl conf file for vhost 2017-02-03 15:52:48 +01:00
			`Sll configuration has generated, you must include it in your vhost.`

			`For Apache :`

			`~~~`
			`Include /etc/apache2/ssl/vhost.conf`
			`~~~`

			`For Nginx :`

			`~~~`
			`include /etc/nginx/ssl/vhost.conf;`
			`~~~`