ansible-roles/evoacme
Benoît S. 758a537a8d For SANs certificates, also add a CN for the first domain 2018-07-12 11:12:29 +02:00

Evoacme 2.0

EvoAcme is an Ansible role and a Certbot wrapper for generating Let's Encrypt certificates.

It is a project hosted at Evolix's forge.

Evoacme is open source software licensed under the AGPLv3 License.

Install

1 - Create a playbook with the evoacme role

---
- hosts: hostname
  become: yes
  roles:
    - evoacme

2 - Install the evoacme prerequisites with Ansible

# ansible-playbook playbook.yml -K --limit hostname

3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that no Redirect or Rewrite directive overrides the "/.well-known/acme-challenge" Alias.

For Nginx, you must include /etc/nginx/snippets/letsencrypt.conf in all the vhosts you want:

server {
    […]
    include /etc/nginx/snippets/letsencrypt.conf;
    […]
}

Then test and reload the Nginx configuration:

# nginx -t
# service nginx reload

4 - Create a CSR for a vhost with make-csr

# make-csr vhostname domain...

5 - Generate the certificate with evoacme

# evoacme looks for /etc/ssl/requests/vhostname
# vhostname is the same name that was used with make-csr
evoacme vhostname

6 - Include the SSL configuration

The SSL configuration has been generated; you must include it in your vhost.

For Apache:

Include /etc/apache2/ssl/vhost.conf

For Nginx:

include /etc/nginx/ssl/vhost.conf;
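
A pre-flight check for step 3, as an added example that is not part of the evoacme repository: it lists the Nginx server blocks in a vhost file that do not include /etc/nginx/snippets/letsencrypt.conf, including blocks where the include is only present as a comment. The function name check_acme_include and the sample vhosts are constructed for illustration; the check assumes that "server {" keeps its brace on the same line and that no braces appear inside quoted strings or regexes.

```shell
#!/bin/sh
# Added example (not from the evoacme repository).
# Lists nginx server blocks that lack the include required in step 3.
# Assumptions: "server {" has its brace on the same line, and no
# braces appear inside quoted strings or regexes.
SNIPPET=/etc/nginx/snippets/letsencrypt.conf

check_acme_include() {
    awk -v snippet="$SNIPPET" '
    {
        line = $0
        sub(/#.*/, "", line)                  # a commented-out include does not count
        if (!in_server && line ~ /(^|[ \t;}])server[ \t]*[{]/) {
            in_server = 1; start = FNR; base = depth; found = 0
        }
        if (in_server && line ~ /(^|[ \t;{])include[ \t]/ && index(line, snippet))
            found = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_server && depth <= base) {     # server block just closed
            in_server = 0
            if (!found) {
                printf "%s:%d: server block without include %s\n", FILENAME, start, snippet
                missing++
            }
        }
    }
    END { exit (missing > 0) }' "$@"
}

# Constructed sample vhost file: the second block has the include commented out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server {
    listen 80;
    server_name a.example.com;
    include /etc/nginx/snippets/letsencrypt.conf;
}
server {
    listen 80;
    server_name b.example.com;
    # include /etc/nginx/snippets/letsencrypt.conf;
    location / { return 301 https://$host$request_uri; }
}
EOF
check_acme_include "$demo" || echo "add the include to the blocks listed above"
rm -f "$demo"
```

The function exits non-zero when at least one block is missing the include, so it can gate a deployment step before evoacme is run.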