Ansible Certbot

Using Ansible to install a Let's Encrypt certificate

Using the geerlingguy.certbot role, we can create a playbook that installs a certificate.

To install the role: ansible-galaxy install geerlingguy.certbot -p This will install it into the path of

vars:
  certbot_create_if_missing: yes
  certbot_create_method: standalone  # certbot runs its own temporary web server
  certbot_admin_email: simon@bawesomedomain.co.uk
  certbot_certs:
    - domains:
        - awesomedomain.co.uk
        - www.awesomedomain.co.uk
  certbot_create_standalone_stop_services:  # stopped while the certificate is requested
    - nginx
roles:
  - geerlingguy.certbot

By default this role will create a cron job which will run under the user you have given Ansible.

Here are the default variables for the cron job, which you can change:

certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user }}"
certbot_auto_renew_hour: 3
certbot_auto_renew_minute: 30
certbot_auto_renew_options: "--quiet --no-self-upgrade"

If we were to put one of the above variables into the playbook, it would look like the following:

vars:
  certbot_create_if_missing: yes
  certbot_create_method: standalone  # certbot runs its own temporary web server
  certbot_admin_email: simon@bawesomedomain.co.uk
  certbot_certs:
    - domains:
        - awesomedomain.co.uk
        - www.awesomedomain.co.uk
  certbot_create_standalone_stop_services:  # stopped while the certificate is requested
    - nginx
  certbot_auto_renew: false  # do not create the renewal cron job
roles:
  - geerlingguy.certbot
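
With certbot_auto_renew set to false, the role no longer creates the renewal cron job, so it is worth checking the certificate separately. The playbook below is an added example, not part of the original post or of the geerlingguy.certbot role: it fails when the certificate is expired, within 30 days of expiry, or missing one of the two domains. It assumes certbot's default live directory, a target group of "all", and that the community.crypto collection is installed on the control node.

```yaml
# Added example: verify the certificate issued by the playbook above.
# Assumptions: certbot's default /etc/letsencrypt/live/<first domain>/ layout,
# hosts "all", and the community.crypto collection being available.
- hosts: all
  become: true
  vars:
    cert_path: /etc/letsencrypt/live/awesomedomain.co.uk/cert.pem
    expected_names:
      - "DNS:awesomedomain.co.uk"
      - "DNS:www.awesomedomain.co.uk"
  tasks:
    - name: Read the certificate and test its validity 30 days from now
      community.crypto.x509_certificate_info:
        path: "{{ cert_path }}"
        valid_at:
          in_30_days: "+30d"
      register: cert

    - name: Fail if the certificate is expired, expiring soon, or missing a domain
      ansible.builtin.assert:
        that:
          - not cert.expired
          - cert.valid_at.in_30_days
          - expected_names | difference(cert.subject_alt_name) | length == 0
        fail_msg: >-
          Certificate at {{ cert_path }} needs attention
          (not_after={{ cert.not_after }}, names={{ cert.subject_alt_name }}).
        success_msg: "Certificate is valid until {{ cert.not_after }}."
```

Running this on a schedule, or as a final play after the role, catches a renewal that silently stopped working.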