ansible-roles/evoacme
Jeremy Lecour a6bac1f20b
change syntax "become: [yes,no]" → "become: [true,false]"
2023-07-03 14:21:22 +02:00
defaults evoacme: variable to disable Debian version check (default: False) 2020-11-21 09:59:10 +01:00
files evoacme: exclude renewal-hooks directory from cron 2021-10-05 08:28:47 +02:00
handlers Use FQCN 2023-03-20 23:33:19 +01:00
meta Update Galaxy metadata (company, platforms and galaxy_tags) 2021-06-28 15:26:28 +02:00
tasks Use FQCN 2023-03-20 23:33:19 +01:00
templates evoacme: Fix syntax that introduced extra ending space 2023-03-27 10:16:57 +02:00
tests change syntax "become: [yes,no]" → "become: [true,false]" 2023-07-03 14:21:22 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md evoacme: upstream version 19.11 2019-11-05 14:08:02 +01:00

Evoacme 2.0

The upstream repository of EvoAcme is at https://gitea.evolix.org/evolix/evoacme

Shell scripts are copied from the upstream repository after each release. No changes must be applied directly here; patch upstream, release, then copy here.

Install

1 - Create a playbook with the evoacme role

---
- hosts: hostname
  become: yes
  roles:
    - evoacme

2 - Install the evoacme prerequisites with Ansible

# ansible-playbook playbook.yml -K --limit hostname

3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't overwrite the "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.

For Nginx, you must include /etc/nginx/snippets/letsencrypt.conf in all relevant vhosts:

server {
    […]
    include /etc/nginx/snippets/letsencrypt.conf;
    […]
}

Then reload the Nginx configuration:

# nginx -t
# service nginx reload

4 - Create a CSR for a vhost with make-csr

# make-csr vhostname domain...

5 - Generate the certificate with evoacme

# evoacme looks for /etc/ssl/requests/vhostname
# vhostname is the same name used with make-csr
evoacme vhostname

6 - Include the SSL configuration

The SSL configuration has been generated; you must include it in your vhost.

For Apache:

Include /etc/apache2/ssl/vhost.conf

For Nginx:

include /etc/nginx/ssl/vhost.conf;
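
As an added example (not part of the upstream README or the evoacme scripts), the shell function below checks step 3 for Nginx: it reports every "server { … }" block in the given files that lacks an uncommented include of /etc/nginx/snippets/letsencrypt.conf. The function name missing_acme_include is hypothetical, and the check assumes "server {" is written on a single line and the include path is unquoted.

```shell
#!/bin/sh
# Added example: find nginx server blocks that do not include the ACME snippet.
# Usage: missing_acme_include FILE...
# Prints "file:line" for the opening line of each offending server block
# and returns 1 if at least one is found, 0 otherwise.

ACME_SNIPPET='/etc/nginx/snippets/letsencrypt.conf'

missing_acme_include() {
    awk -v snippet="$ACME_SNIPPET" '
        FNR == 1 { depth = 0; in_server = 0 }      # reset state for each file
        {
            line = $0
            sub(/#.*/, "", line)                   # a commented-out include does not count
            if (!in_server && line ~ /^[ \t]*server[ \t]*[{]/) {
                in_server = 1; start = FNR; found = 0; depth = 0
            }
            if (in_server) {
                # match: include <snippet>;
                if (line ~ ("include[ \t]+" snippet "[ \t]*;")) found = 1
                # track brace depth so nested location blocks stay inside the server block
                opens = gsub(/[{]/, "{", line)
                closes = gsub(/[}]/, "}", line)
                depth += opens - closes
                if (depth <= 0) {                  # end of this server block
                    if (!found) { printf "%s:%d\n", FILENAME, start; bad = 1 }
                    in_server = 0
                }
            }
        }
        END { exit bad + 0 }
    ' "$@"
}
```

Run it against the vhost files before "nginx -t", for example: missing_acme_include /etc/nginx/sites-enabled/*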