Last active
November 1, 2023 17:41
Ansible playbook: configuração do certbot para gerar e renovar certificados usando o DNS da Cloudflare
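---
# Issues Let's Encrypt certificates through the Cloudflare DNS-01 challenge
# and schedules a weekly renewal job.
#
# Expects a `cloudflare.ini` file next to this playbook holding the
# credentials read by the certbot dns-cloudflare plugin:
#   dns_cloudflare_email = ""
#   dns_cloudflare_api_key = ""
#
# NOTE(review): the two keys above are the account-wide Global API Key form.
# If the installed plugin version supports it, prefer a scoped
# `dns_cloudflare_api_token` limited to DNS edit on the zones being certified,
# so a leaked file cannot be used against the whole Cloudflare account.
# Keep `cloudflare.ini` out of version control in plaintext; encrypting it with
# ansible-vault works here because `copy` decrypts vaulted sources on transfer.
- name: Let's Encrypt SSL certificates
  hosts: all
  become: true
  vars:
    letsencrypt_account_email: example@email.com
    secrets_path: /root/.secrets
  tasks:
    # NOTE(review): this adds a third-party package source whose packages are
    # then installed as root. Confirm the PPA is still maintained for the
    # target release before relying on it.
    - name: Adicionando repo Certbot
      apt_repository:
        repo: 'ppa:certbot/certbot'
        state: present

    # Both packages are passed as one list so apt runs a single transaction
    # instead of one module call per loop item.
    # `state: latest` upgrades on every run; pin a version if reproducible
    # hosts matter more than automatic updates.
    - name: Instalando o Certbot
      apt:
        name:
          - certbot
          - python3-certbot-dns-cloudflare
        update_cache: true
        state: latest
      notify:
        - start certbot

    # A directory needs the search (x) bit to be traversed, so 0700 is used
    # rather than 0400; access stays limited to root. The mode is quoted so it
    # is always read as an octal string.
    - name: Criar pasta .secrets
      file:
        path: "{{ secrets_path }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # Without an explicit mode the file inherits the remote umask. 0600 keeps
    # the API credentials readable by root only and avoids certbot's warning
    # about unsafe permissions on the credentials file.
    # no_log keeps the file contents out of task output (e.g. with --diff).
    - name: Copiar credenciais Cloudflare
      copy:
        src: ./cloudflare.ini
        dest: "{{ secrets_path }}/cloudflare.ini"
        owner: root
        group: root
        mode: "0600"
      no_log: true

    # All output of the job is discarded, so a failing renewal is silent.
    # Monitor certificate expiry separately.
    # NOTE(review): the distro certbot package may already install its own
    # renewal timer or cron entry - confirm this job is not a duplicate.
    - name: Criar cron para renvação automatica
      cron:
        name: letsencrypt_renewal
        special_time: weekly
        job: '/usr/bin/certbot renew --quiet --post-hook "/usr/sbin/service nginx reload" > /dev/null 2>&1'
        state: present

    # Each loop item is the list of names for one certificate, joined into a
    # single -d argument. argv is used instead of a shell string so the
    # wildcard name and the templated values are passed to certbot literally,
    # with no shell globbing or word splitting.
    # --non-interactive makes certbot fail instead of waiting on a prompt;
    # --keep-until-expiring avoids re-issuing (and hitting rate limits) when a
    # valid certificate already exists.
    - name: Gerar certificados com Cloudflare
      command:
        argv:
          - certbot
          - certonly
          - '--non-interactive'
          - '--keep-until-expiring'
          - '--dns-cloudflare'
          - '--dns-cloudflare-propagation-seconds'
          - '60'
          - '--dns-cloudflare-credentials'
          - "{{ secrets_path }}/cloudflare.ini"
          - '--agree-tos'
          - '--email'
          - "{{ letsencrypt_account_email }}"
          - '-d'
          - "{{ item | join(',') }}"
      loop:
        - ["example.com.br", "*.example.com.br"]

  handlers:
    # NOTE(review): confirm a service named `certbot` exists on the target;
    # if the package only ships a timer unit this handler will fail.
    - name: start certbot
      service:
        name: certbot
        state: started
        enabled: true

  # NOTE(review): indentation was lost on the page this was taken from; the
  # tag is placed at play level here - confirm that matches the original.
  tags: install-certbot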