[freeradius] LE certificate with DNS challenge

radius.yml

@@ -0,0 +1,15 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
+  vars:
+    certbot:
+      dns_rfc2136_name: certbot_challenge.
+      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+      mail: root@crans.org
+      certname: crans.org
+      domains: "crans.org"
+    bind:
+      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+  roles:
+    - certbot
+    - freeradius

roles/freeradius/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Symlink radius certificates
+  file:
+    src: /etc/letsencrypt/live/crans.org/{{ item }}
+    dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
+    state: link
+    force: yes
+  loop:
+    - fullchain.pem
+    - privkey.pem
+
+- name: Set permissions on certificates
+  file:
+    path: /etc/letsencrypt/{{ item }}
+    group: freerad
+    mode: '0755'
+    recurse: yes
+  loop:
+    - live
+    - archive