Acmetool LE client
Install and configure the acmetool LE client.
Currently this role is designed to work with the do1jlr.nginx ansible role. Maybe there will be a standalone version of this role someday...
Variables
- acme_notification_email: (Default: root@example.org): LE account email. The default needs to be changed!
- acme_reload_services: (Default: []): Services that need a reload on certificate change. (There are some services pre-defined in the files/reload file.)
- acme_restart_services: (Default: []): Services that need a restart on certificate change.
- submodules_versioncheck: (Default: false): Enable basic version check. (true is recommended)
Files
- We search for the response-file.yml.j2 using the first_found lookup with the following config:

    files:
      - "response-file.{{ inventory_hostname }}.yml.j2"
      - 'response-file.yml.j2'
    paths:
      - 'templates/acmetool'
      - "templates/{{ inventory_hostname }}"
      - 'files/acmetool'
      - "files/{{ inventory_hostname }}"
      - 'templates'

  This file configures the acmetool behaviour, such as certificate type, challenge method, ACME notification email and so on. Change the values by providing your own response-file.yml.j2.
- We search for the reload and restart hooks using the first_found lookup with the config defined in vars/main.yml.
- We deploy the acme-reload and acme-restart configuration based on the acme_reload_services: and acme_restart_services: variables.
References
Good to know
- If you are using Debian Buster, you are probably interested in a more up-to-date version of acmetool. Have a look at the do1jlr.acmetool_fix role, which installs a specific version of acmetool on Debian-based systems.
- To add a domain manually to acmetool, run acmetool want example.com
- To remove a domain manually from acmetool, run acmetool unwant example.com
Testing
We are using the following GitHub Actions for testing and releasing to Ansible Galaxy.
Action Status | Marketplace |
---|---|
ansible-lint | |
publish-ansible-role-to-galaxy | |
yamllint-github-action |