ansible-roles/evoacme
Mathieu Trossevin 7c632352a0
Replace the include module with include_tasks or import_tasks
The behaviour of the `include` module is badly defined (it tries to choose
between statically importing the tasks and dynamically including them)
and can cause problems depending on any number of constraints (mostly if
it chooses the wrong behaviour).

Replace it with the `import_tasks` (always statically import tasks) unless
the `include` is in a loop in which case we replace it with
`include_tasks` (always dynamically include tasks).
2023-01-03 14:43:42 +01:00
defaults evoacme: variable to disable Debian version check (default: False) 2020-11-21 09:59:10 +01:00
files evoacme: exclude renewal-hooks directory from cron 2021-10-05 08:28:47 +02:00
handlers Revert "Add “when: not ansible_check_mode” to allow more --check" 2022-12-14 07:41:18 +01:00
meta Update Galaxy metadata (company, platforms and galaxy_tags) 2021-06-28 15:26:28 +02:00
tasks Replace the include module with include_tasks or import_tasks 2023-01-03 14:43:42 +01:00
templates Proper jinja spacing 2022-12-28 09:03:37 +01:00
tests Add some kitchen tests for many roles 2017-05-18 15:16:30 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md evoacme: upstream version 19.11 2019-11-05 14:08:02 +01:00

Evoacme 2.0

The upstream repository of EvoAcme is at https://gitea.evolix.org/evolix/evoacme

Shell scripts are copied from the upstream repository after each release. No changes must be applied directly here; patch upstream, release, then copy here.

Install

1 - Create a playbook with the evoacme role

---
- hosts: hostname
  become: yes
  roles:
    - evoacme

2 - Install the evoacme prerequisites with Ansible

# ansible-playbook playbook.yml -K --limit hostname

3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't override the "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.

For Nginx, you must include /etc/nginx/snippets/letsencrypt.conf in every vhost that needs a certificate:

server {
    […]
    include /etc/nginx/snippets/letsencrypt.conf;
    […]
}

Then test and reload the Nginx configuration:

# nginx -t
# service nginx reload

4 - Create a CSR for a vhost with make-csr

# make-csr vhostname domain...

5 - Generate the certificate with evoacme

# evoacme looks for /etc/ssl/requests/vhostname
# vhostname is the same name that was used with make-csr
evoacme vhostname

6 - Include ssl configuration

The SSL configuration has been generated; you must include it in your vhost.

For Apache:

Include /etc/apache2/ssl/vhost.conf

For Nginx:

include /etc/nginx/ssl/vhost.conf;
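
A check for step 3, added here as an example and not part of the evoacme scripts: it reports every Nginx server block that does not include /etc/nginx/snippets/letsencrypt.conf, since such a vhost will not answer requests under /.well-known/acme-challenge and its certificate cannot be issued or renewed. The function name check_acme_include is hypothetical, the sample vhost is constructed, and the check assumes that "server {" is written on a single line.

```shell
#!/bin/sh
# Added example (not from the evoacme repository).
SNIPPET="/etc/nginx/snippets/letsencrypt.conf"

# check_acme_include FILE...
# Prints "file:line" for each server block lacking the include; returns 1 if any.
check_acme_include() {
    awk -v snippet="$SNIPPET" '
    FNR == 1 { depth = 0; in_server = 0 }          # reset state for each file
    {
        line = $0
        sub(/#.*/, "", line)                       # ignore commented-out directives
        gsub(/[ \t]+/, " ", line)                  # normalise whitespace
        if (!in_server && line ~ /(^|[ \t;{}])server[ \t]*\{/) {
            in_server = 1; start = FNR; found = 0; sdepth = depth
        }
        if (in_server && index(line, "include " snippet ";")) found = 1
        depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
        if (in_server && depth <= sdepth) {        # server block just closed
            if (!found) { print FILENAME ":" start; bad = 1 }
            in_server = 0
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample vhost file: the second server block lacks the include.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server {
    server_name a.example;
    include /etc/nginx/snippets/letsencrypt.conf;
}
server {
    server_name b.example;
}
EOF
check_acme_include "$demo" || echo "the server blocks listed above lack the ACME snippet"
rm -f "$demo"
```

Run it against your own vhost files before step 5, passing their paths as arguments.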