letsencrypt

Mauricio Tavares

Jan 28, 2020, 4:22:53 PM
to ansible...@googlegroups.com
I saw there is a module[1] that you can use to create a
letsencrypt cert. How do you use it to renew said certificate?

[1] https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module

Felix Fontein

Jan 28, 2020, 6:13:25 PM
to ansible...@googlegroups.com
Hi,

> I saw there is a module[1] that you can use to create a
> letsencrypt cert. How do you use it to renew said certificate?

Exactly the same as for getting a certificate in the first place. There
is no explicit "renew" operation in the ACME protocol.

You can use the module to only start obtaining a certificate if the
current certificate doesn't exist or is expiring in less than N days
(see the remaining_days option), or you can use it to always obtain a
certificate (see the force option).

To see how to write your role/playbook so that a renewal is only made
if the module wants to obtain a certificate, look for `register:
sample_com_challenge` and `when: sample_com_challenge is changed` in
the examples section.

Cheers,
Felix


>
> [1]
> https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
>
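
The renewal pattern described in the reply above, written out as a playbook. This is an added example, not part of the original thread; the host group, file paths, the 30-day threshold and the use of the Let's Encrypt staging directory are assumptions, and the web root's `.well-known/acme-challenge/` directory is assumed to exist already.

```yaml
# Added example: run on a schedule (cron, AWX, CI). The first task reports
# "changed" only when a new certificate is actually needed.
- hosts: webservers            # assumed inventory group
  become: true
  tasks:
    - name: Start an ACME order only if the cert is missing or expires in < 30 days
      acme_certificate:
        account_key_src: /etc/pki/cert/private/account.key
        csr: /etc/pki/cert/csr/sample.com.csr
        dest: /etc/httpd/ssl/sample.com.crt
        challenge: http-01
        acme_version: 2
        # Staging endpoint while testing; switch to production once it works.
        acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
        terms_agreed: true
        remaining_days: 30     # use "force: true" instead to always re-issue
      register: sample_com_challenge

    - name: Publish the http-01 challenge response
      copy:
        dest: "/var/www/html/{{ sample_com_challenge['challenge_data']['sample.com']['http-01']['resource'] }}"
        content: "{{ sample_com_challenge['challenge_data']['sample.com']['http-01']['resource_value'] }}"
      when: sample_com_challenge is changed

    - name: Let the challenge be validated and retrieve the certificate and chain
      acme_certificate:
        account_key_src: /etc/pki/cert/private/account.key
        csr: /etc/pki/cert/csr/sample.com.csr
        dest: /etc/httpd/ssl/sample.com.crt
        fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
        challenge: http-01
        acme_version: 2
        acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
        terms_agreed: true
        remaining_days: 30     # keep identical to the first call
        data: "{{ sample_com_challenge }}"
      when: sample_com_challenge is changed
```

When the existing certificate still has more than 30 days left, the first task reports no change and the other two are skipped, so repeated runs do not consume CA rate limits.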

Stefan Hornburg (Racke)

Jan 29, 2020, 4:10:52 AM
to ansible...@googlegroups.com
You could use certbot commands as an alternative to this module. A proper certbot setup will
take care of renewals (but I recommend monitoring them).

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
