ansible-roles/evoacme
Jérémy Lecour 2794929c22 Add some kitchen tests for many roles 2017-05-18 15:16:30 +02:00
..
defaults evoacme: namespaced variables 2016-12-21 16:23:28 +01:00
files evoacme: reinit ssl conf when overwrite csr and key 2017-05-10 11:28:53 +02:00
handlers evoacme: add squid whitelist for ocsp server 2017-05-16 10:30:17 +02:00
meta Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
tasks evoacme: simplify squid whitelist management 2017-05-16 15:04:24 +02:00
templates evoacme: check apache2 module 2017-04-18 10:54:37 +02:00
tests Add some kitchen tests for many roles 2017-05-18 15:16:30 +02:00
.kitchen.yml Add some kitchen tests for many roles 2017-05-18 15:16:30 +02:00
README.md evoacme: fix forge link in README 2017-04-27 12:19:54 +02:00

README.md

Evoacme 1.5

EvoAcme is an Ansible role and a Certbot wrapper for generate Let's Encrypt certificates.

It is a project hosted at Evolix's forge

How to install

1 - Create a playbook with evoacme role

---
  - hosts: hostname
    become: yes
    roles:
      - role: evoacme

2 - Install evoacme prerequisite with ansible

ansible-playbook playbook.yml -Kl hostname

3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.

For Nginx, you must include letsencrypt.conf in all wanted vhost :

include /etc/nginx/letsencrypt.conf;
nginx -t
service nginx reload

4 - Create a CSR for a vhost with make-csr

# make-csr look for this file :
# /etc/nginx/sites-enabled/vhostname
# /etc/nginx/sites-enabled/vhostname.conf
# /etc/apache2/sites-enabled/vhostname
# /etc/apache2/sites-enabled/vhostname.conf
make-csr vhostname

5 - Generate the certificate with evoacme

# evoacme look for /etc/ssl/requests/vhostname
# vhostname was the same used by make-csr
evoacme vhostname

6 - Include ssl configuration

Sll configuration has generated, you must include it in your vhost.

For Apache :

Include /etc/apache2/ssl/vhost.conf

For Nginx :

include /etc/nginx/ssl/vhost.conf;

# License

Evoacme is open source software licensed under the AGPLv3 License.