crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Initial certbot conf

certbot_on_virtu
Alexandre Iooss 2020-04-25 20:57:32 +02:00 committed by Bombar Maxime
parent 424e0df45e
commit 2dbe3c50b9
4 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
roles/bind-authoritative/templates/bind/named.conf.j2
View File

@ -8,9 +8,6 @@
// //
// If you are just adding zones, please do that in /etc/bind/named.conf.local // If you are just adding zones, please do that in /etc/bind/named.conf.local
{% if bind.dnssec %}
include "/etc/bind/bind.keys";
{% endif %}
include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones"; include "/etc/bind/named.conf.default-zones";

25
roles/certbot/tasks/main.yml 100644
View File

@ -0,0 +1,25 @@
---
- name: Install certbot and RFC2136 plugin
apt:
update_cache: true
name:
- certbot
- python3-certbot-dns-rfc2136
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Add DNS credentials
template:
src: letsencrypt/rfc2136.ini.j2
dest: /etc/letsencrypt/rfc2136.ini
mode: 0600
user: root
- name: Add Certbot configuration
template:
src: letsencrypt/conf.d/wildcard.ini.j2
dest: /etc/letsencrypt/conf.d/wildcard.ini
mode: 0644

26
roles/certbot/templates/letsencrypt/conf.d/wildcard.ini.j2 100644
View File

@ -0,0 +1,26 @@
{{ ansible_header | comment(decoration='# ') }}
# Pour appliquer cette conf et générer la conf de renewal :
# certbot --config wildcard.ini certonly
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Always use the staging/testing server
# server = https://acme-staging.api.letsencrypt.org/directory
# server = https://acme-v01.api.letsencrypt.org/directory
# Uncomment and update to register with the specified e-mail address
email = root@crans.org
# Uncomment to use a text interface instead of ncurses
text = True
# Use DNS-01 challenge
authenticator = dns-rfc2136
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
dns-rfc2136-propagation-seconds = 30
# Wildcard the domain
cert-name = crans.org
domains = crans.org, *.crans.org

7
roles/certbot/templates/letsencrypt/rfc2136.ini.j2 100644
View File

@ -0,0 +1,7 @@
{{ ansible_header | comment(decoration='# ') }}
dns_rfc2136_server = {{ dns_master }}
dns_rfc2136_port = 53
dns_rfc2136_name = certbot_challenge.
dns_rfc2136_secret = {{ certbot_dns_secret }}
dns_rfc2136_algorithm = HMAC-SHA512