letsencrypt

Mauricio_Tavares · January 28, 2020, 9:22pm

I saw there is a module[1] that you can use to create a
letsencrypt cert. How do you use it to renew said certificate?

[1] https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module

felixfontein · January 28, 2020, 11:13pm

Hi,

I saw there is a module[1] that you can use to create a
letsencrypt cert. How do you use it to renew said certificate?

exactly the same as for getting a certificate in the first place. There
is no explicit "renew" operation in the ACME protocol.

You can use the module to only start obtaining a certificate if the
current certificate doesn't exist or is expiring in less than N days
(see the remaining_days option), or you can use it to always obtain a
certificate (see the force option).

To see how to write your role/playbook so that a renewal is only made
if the module wants to obtain a certificate, look for `register:
sample_com_challenge` and `when: sample_com_challenge is changed` in
the examples section.

Cheers,
Felix

racke · January 29, 2020, 9:10am

You could use certbot commands as alternative to this module. A proper certbot setup will
take care of renewals (but I recommend to monitor them).

Regards
Racke

Topic		Replies	Views
letsencrypt module behaviour Ansible Project	0	0	November 4, 2016
webserver secure Ansible Project	12	0	August 20, 2018
Help with acme_certificate / letsencrypt and empty challenge_data Ansible Project ubuntu	9	2	January 19, 2022
acme_certificate with *.domain.name Ansible Project	6	3	April 8, 2020
ansible fails to use renewed ssh certificates with ansible_ssh_executable is used Ansible Project	2	0	March 14, 2024

letsencrypt

Related topics