2017-02-03 15:52:48 +01:00
# Evoacme 1.5
2016-12-14 15:49:34 +01:00
EvoAcme is an [Ansible ](https://www.ansible.com/ ) role and a [Certbot ](https://certbot.eff.org ) wrapper for generate [Let's Encrypt ](https://letsencrypt.org/ ) certificates.
2017-04-27 12:19:50 +02:00
It is a project hosted at [Evolix's forge ](https://forge.evolix.org/projects/ansible-roles/repository/ )
2016-12-14 15:49:34 +01:00
# How to install
1 - Create a playbook with evoacme role
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
---
- hosts: hostname
become: yes
roles:
- role: evoacme
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
2 - Install evoacme prerequisite with ansible
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
ansible-playbook playbook.yml -Kl hostname
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
3 - Include letsencrypt.conf in your webserver
For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.
For Nginx, you must include letsencrypt.conf in all wanted vhost :
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
include /etc/nginx/letsencrypt.conf;
nginx -t
service nginx reload
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
4 - Create a CSR for a vhost with make-csr
2017-01-17 14:54:31 +01:00
~~~
2017-01-31 15:14:20 +01:00
# make-csr look for this file :
# /etc/nginx/sites-enabled/vhostname
# /etc/nginx/sites-enabled/vhostname.conf
# /etc/apache2/sites-enabled/vhostname
# /etc/apache2/sites-enabled/vhostname.conf
2016-12-14 15:49:34 +01:00
make-csr vhostname
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
2017-02-03 15:52:48 +01:00
5 - Generate the certificate with evoacme
2016-12-14 15:49:34 +01:00
2017-01-17 14:54:31 +01:00
~~~
2017-01-31 15:14:20 +01:00
# evoacme look for /etc/ssl/requests/vhostname
# vhostname was the same used by make-csr
2016-12-14 15:49:34 +01:00
evoacme vhostname
2017-01-17 14:54:31 +01:00
~~~
2016-12-14 15:49:34 +01:00
2017-02-03 15:52:48 +01:00
6 - Include ssl configuration
Sll configuration has generated, you must include it in your vhost.
For Apache :
~~~
Include /etc/apache2/ssl/vhost.conf
~~~
For Nginx :
~~~
include /etc/nginx/ssl/vhost.conf;
~~~
2016-12-14 15:49:34 +01:00
# License
Evoacme is open source software licensed under the AGPLv3 License.