You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jérémy Lecour 7d63f20336
evoacme: exclude renewal-hooks directory from cron
1 year ago
defaults evoacme: variable to disable Debian version check (default: False) 2 years ago
files evoacme: exclude renewal-hooks directory from cron 1 year ago
handlers Better squid/squid3 whitelist and reload 6 years ago
meta Update Galaxy metadata (company, platforms and galaxy_tags) 2 years ago
tasks Improve Ansible syntax 2 years ago
templates Add directive auth_basic off for nginx configuration 2 years ago
tests Add some kitchen tests for many roles 6 years ago
.kitchen.yml Kitchen: Change base image to evolix/ansible 6 years ago evoacme: upstream version 19.11 3 years ago

Evoacme 2.0

The upstream repository of EvoAcme is at

Shell scripts are copied from the upstream repository after each release. No changes must be applied directly here ; patch upstream, release then copy here.


1 - Create a playbook with evoacme role

- hosts: hostname
  become: yes
    - evoacme

2 - Install evoacme prerequisite with ansible

# ansible-playbook playbook.yml -K --limit hostname

3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.

For Nginx, you must include /etc/nginx/snippets/letsencrypt.conf in all wanted vhosts :

server {
    include /etc/nginx/snippets/letsencrypt.conf;

then reload the Nginx configuration :

# nginx -t
# service nginx reload

4 - Create a CSR for a vhost with make-csr

# make-csr vhostname domain...

5 - Generate the certificate with evoacme

# evoacme look for /etc/ssl/requests/vhostname
# vhostname was the same used by make-csr
evoacme vhostname

6 - Include ssl configuration

Sll configuration has generated, you must include it in your vhost.

For Apache :

Include /etc/apache2/ssl/vhost.conf

For Nginx :

include /etc/nginx/ssl/vhost.conf;