ARI RFC 9773 Support in community.crypto.acme_certificate

Hi All!

I’ve been a user of community.crypto.acme_certificate to get ACME certs from Let’s Encrypt for quite some time.

Now that LE has started issuing ‘shortlived’ certs (certs with a lifetime of 6 days) in LE Prod, the recommended method of renewing certificates is with ACME Renewal Info (ARI).

I’ve looked through the docs on the Ansible module and don’t think I see any ways of using the ARI functionality. Is ARI something that will be introduced into the module?

Thanks
Tim

I’m answering my own question, well kinda.

It appears that this feature may be what I’m looking for. If anyone has used this I’d like to hear about it!

Thanks!
Tim

I’ve tried using it in the beginning (I also implemented it), with mixed results - I added order_creation_error_strategy to fix that. With that, I think it worked well.

I’ve switched to the community.crypto.acme_certificate_* modules some time ago though (community.crypto.acme_certificate_renewal_info, community.crypto.acme_certificate_order_create, community.crypto.acme_certificate_order_validate, community.crypto.acme_certificate_order_finalize, community.crypto.acme_certificate_deactivate_authz) since I personally find it easier to implement an ACME certificate role with these than with the somewhat clunky interface of acme_certificate.