@raphaelm
Last active November 26, 2019 20:01
letsencrypt.sh ansible role

config.sh:

WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"

Step zero: Install this role by creating the directories roles/letsencrypt/, roles/letsencrypt/files/ and roles/letsencrypt/tasks/. Then save the tasks.yml from this gist as roles/letsencrypt/tasks/main.yml and config.sh from this gist as roles/letsencrypt/files/config.sh.

Step one: Add the following to your nginx server config

location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
}

Step two: Execute the ansible role, e.g. using

- hosts: glokta
  remote_user: root
  roles:
    - role: letsencrypt
      domainsets:
        - domains:
          - raphaelmichel.de
          - www.raphaelmichel.de

Step three: Use the certificates, e.g.

ssl on;
ssl_certificate /etc/ssl/letsencrypt/certs/raphaelmichel.de/fullchain.pem;
ssl_certificate_key /etc/ssl/letsencrypt/certs/raphaelmichel.de/privkey.pem;
tasks.yml:

---
- name: Ensure Challenge directory exists
  file: path=/var/www/letsencrypt/.well-known/acme-challenge state=directory mode=0755 owner=root recurse=yes
- name: Ensure curl is installed
  apt: name=curl state=installed
- name: Ensure SSL base directory exists
  file: path=/etc/ssl/letsencrypt state=directory mode=0750 owner=root group=www-data
- name: Ensure SSL domain list exists
  command: touch /etc/ssl/letsencrypt/domains.txt
  args:
    creates: /etc/ssl/letsencrypt/domains.txt
- name: Ensure LE config exists
  copy: src=config.sh dest=/etc/ssl/letsencrypt/config.sh mode=0750 owner=root
- name: Download letsencrypt shell script
  get_url:
    url: https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/760b6894072ee7d1eb78d0e44db0e2aca7afca9c/letsencrypt.sh
    dest: /etc/ssl/letsencrypt/letsencrypt.sh
    mode: 0700
    sha256sum: 025aa1e5b4830362d3908c4e4a6fe91ff0dd7ead369d37a75aa253b6fd3760c2
- name: Add line to domains file
  lineinfile:
    dest: /etc/ssl/letsencrypt/domains.txt
    line: "{{ item.domains | join(' ') }}"
  with_items: "{{ domainsets }}"
- name: Execute letsencrypt shell script
  shell: ./letsencrypt.sh -c
  args:
    chdir: /etc/ssl/letsencrypt
- name: Add LE cronjob
  cron: name=lets-encrypt hour=4 minute=23 day=*/3 job="/etc/ssl/letsencrypt/letsencrypt.sh -c"
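The challenge directory is spelled in three places (the nginx `location`/`root` block from step one, `WELLKNOWN` in config.sh, and the `file` task), and an ACME http-01 validation silently fails if they disagree. The following pre-flight check is an added example, not part of the gist; it derives the directory nginx actually serves from the location block (handling `alias` as well as `root`, which the gist does not use) and compares it with `WELLKNOWN`, using constructed copies of the gist's snippets as input.

```python
import re
from pathlib import PurePosixPath

# Constructed inputs mirroring the gist: the nginx block from step one and
# the WELLKNOWN line from config.sh.
NGINX_SNIPPET = """
location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
}
"""
CONFIG_SH = 'WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"\n'

LOCATION_RE = re.compile(
    r'location\s+(?:=\s*|\^~\s*)?(?P<prefix>/\S*)\s*\{(?P<body>[^}]*)\}')
ROOT_RE = re.compile(r'^\s*(root|alias)\s+([^;\s]+)\s*;', re.M)
WELLKNOWN_RE = re.compile(r'^\s*WELLKNOWN=["\']?([^"\'\n]+)["\']?', re.M)


def challenge_dir_from_nginx(snippet):
    """Return the filesystem directory nginx serves for the ACME location.

    `root` appends the full request URI to the given path, so the served
    directory is root + location prefix; `alias` replaces the matched
    prefix, so the served directory is the alias path itself.
    """
    loc = LOCATION_RE.search(snippet)
    if loc is None:
        raise ValueError("no acme-challenge location block found")
    directive = ROOT_RE.search(loc.group("body"))
    if directive is None:
        raise ValueError("location block has neither root nor alias")
    kind, path = directive.groups()
    if kind == "root":
        return str(PurePosixPath(path) / loc.group("prefix").lstrip("/"))
    return path.rstrip("/") or "/"


def wellknown_from_config(config_text):
    """Extract the WELLKNOWN directory letsencrypt.sh writes tokens into."""
    m = WELLKNOWN_RE.search(config_text)
    if m is None:
        raise ValueError("WELLKNOWN not set in config.sh")
    return m.group(1).rstrip("/")


def paths_agree(nginx_snippet, config_text):
    """True when the token directory and the served directory are the same."""
    return challenge_dir_from_nginx(nginx_snippet) == wellknown_from_config(config_text)


if __name__ == "__main__":
    print("served:", challenge_dir_from_nginx(NGINX_SNIPPET))
    print("WELLKNOWN:", wellknown_from_config(CONFIG_SH))
    print("consistent:", paths_agree(NGINX_SNIPPET, CONFIG_SH))
```

Run it against the real nginx snippet and config.sh before the first `letsencrypt.sh -c`; a mismatch here is the usual cause of a 404 during validation.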
@gmarokov
I checked the script and it's huge! What are the benefits of using it instead of certbot for example?

@raphaelm
(Author)

It's easy to install anywhere since it got no external dependencies.
