Step zero: Install this role by creating the directories roles/letsencrypt/
, roles/letsencrypt/files/
and roles/letsencrypt/tasks/
. Then save the tasks.yml
from this gist as roles/letsencrypt/tasks/main.yml
and config.sh
from this gist as roles/letsencrypt/files/config.sh
.
Step one: Add the following to your nginx server config
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
Step two: Execute the ansible role, e.g. using
- hosts: glokta
remote_user: root
roles:
- role: letsencrypt
domainsets:
- domains:
- raphaelmichel.de
- www.raphaelmichel.de
Step three: Use the certificaes, e.g.
ssl on;
ssl_certificate /etc/ssl/letsencrypt/certs/raphaelmichel.de/fullchain.pem;
ssl_certificate_key /etc/ssl/letsencrypt/certs/raphaelmichel.de/privkey.pem;
I checked the script and it's huge! What are the benefits of using it instead of certbot for example?