@Informatic
Last active September 13, 2017 07:46
ansible + letsencrypt + nginx

Small example of how to set up Let's Encrypt with nginx and Ansible.

  1. Include the nginx snippet in the default configuration and in the configuration of every vhost for which you want Let's Encrypt enabled.
  2. Make sure nginx is reloaded before the letsencrypt role runs (protip: `- meta: flush_handlers`).
  3. Use `playbook.yml` as a further example.

```nginx
location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
}
```

```yaml
---
- hosts: all
  vars:
    letsencrypt_email: test@example
  roles:
    - nginx
    - { role: letsencrypt, domains: ['example.com', 'alias.example.com'] }
```

```yaml
---
- name: install letsencrypt
  apt: name=letsencrypt state=latest

- name: create letsencrypt directory
  file: name=/var/www/letsencrypt state=directory

- name: create certificate
  shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ domains|join(",") }}
  args:
    creates: /etc/letsencrypt/live/{{ domains[0] }}

# TODO: Add renewal cronjob
```
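
Added example, not part of the original gist: tasks that could run in the letsencrypt role before "create certificate" to confirm that steps 1 and 2 took effect, i.e. that every vhost in `domains` serves files from the webroot challenge directory, so a missing snippet or a stale nginx config is caught locally instead of as a failed validation. The probe file name and content are constructed placeholders, and the check assumes each domain already resolves to this host.

```yaml
---
# Added example (not from the original gist): pre-flight check for the
# webroot challenge path. Probe name and content are constructed placeholders.
- name: create challenge directory inside the webroot
  file:
    path: /var/www/letsencrypt/.well-known/acme-challenge
    state: directory

- block:
    - name: drop a probe file where the ACME client will write its tokens
      copy:
        content: "acme-preflight-probe\n"
        dest: /var/www/letsencrypt/.well-known/acme-challenge/preflight-probe
        mode: "0644"

    # Fails if any vhost lacks the nginx snippet, if nginx was not reloaded,
    # or if the domain does not reach this host over plain HTTP.
    - name: fetch the probe through every vhost
      uri:
        url: "http://{{ item }}/.well-known/acme-challenge/preflight-probe"
        return_content: yes
        status_code: 200
      register: probe
      failed_when: "'acme-preflight-probe' not in (probe.content | default(''))"
      with_items: "{{ domains }}"

  always:
    # Runs whether or not the check passed, so no probe is left in the webroot.
    - name: remove the probe file
      file:
        path: /var/www/letsencrypt/.well-known/acme-challenge/preflight-probe
        state: absent
```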