geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License

Build in support for Nginx and autorenewal #2

Closed geerlingguy closed 1 year ago

geerlingguy commented 8 years ago

Maybe use https://github.com/diafygi/acme-tiny?

030 commented 8 years ago

What about just running (https://certbot.eff.org/#ubuntuxenial-nginx)

letsencrypt renew

enricostano commented 6 years ago

I would like to give solving this a try. What's the plan for installing plugins? Should we first think about how we want to manage plugins?

The general idea could be:

  1. Make it possible to install more recent versions (e.g. using PPA like in https://github.com/geerlingguy/ansible-role-certbot/pull/32)
  2. Store in a variable the list of plugins to install (e.g. certbot_plugins, empty by default)
  3. Install package for each plugin (e.g. certbot-nginx)
  4. Create certificates with certonly --nginx (this will NOT modify nginx configuration)
  5. Renew as usual with just renew, certbot-nginx plugin will deal with nginx servers

Notes

What do you think?
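Steps 2 to 5 of the plan above, sketched as a playbook. This is an added example, not part of the original comment and not the role's own code. Assumptions: `certbot_plugins` is the variable name proposed in step 2, while `certbot_plugin_package_prefix` (Debian/Ubuntu package naming), `cert_domain`, `cert_email` and the cron schedule are hypothetical values chosen for illustration.

```yaml
- hosts: webservers
  become: true
  vars:
    certbot_plugins: [nginx]                         # step 2; the proposal defaults this to empty
    certbot_plugin_package_prefix: python3-certbot-  # assumed distro package naming
    cert_domain: example.com                         # constructed sample value
    cert_email: admin@example.com                    # constructed sample value
  tasks:
    - name: Install certbot itself
      ansible.builtin.package:
        name: certbot
        state: present

    - name: Install one package per requested plugin (step 3)
      ansible.builtin.package:
        name: "{{ certbot_plugin_package_prefix }}{{ item }}"
        state: present
      loop: "{{ certbot_plugins }}"

    - name: Obtain the certificate without rewriting the nginx configuration (step 4)
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - "--nginx"
          - "--non-interactive"
          - "--agree-tos"
          - "-m"
          - "{{ cert_email }}"
          - "-d"
          - "{{ cert_domain }}"
        # Skip the task once a certificate exists, so reruns do not hit the CA again.
        creates: "/etc/letsencrypt/live/{{ cert_domain }}/cert.pem"
      when: "'nginx' in certbot_plugins"

    - name: Renew with plain "renew"; the authenticator used at issuance is reused (step 5)
      ansible.builtin.cron:
        name: certbot renew
        user: root
        hour: "3"
        minute: "30"
        job: certbot renew --quiet
```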

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 4 years ago

This is still an issue.

stale[bot] commented 4 years ago

This issue is no longer marked for closure.

ericsysmin commented 4 years ago

I've added plugin support, so you can have a plugin installed; however, you will still need to modify the certbot command: https://github.com/geerlingguy/ansible-role-certbot/pull/108

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 4 years ago

This is still an issue.

stale[bot] commented 4 years ago

This issue is no longer marked for closure.

stale[bot] commented 4 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 4 years ago

This is still an issue.

stale[bot] commented 4 years ago

This issue is no longer marked for closure.

stale[bot] commented 3 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 3 years ago

This is still an issue.

stale[bot] commented 3 years ago

This issue is no longer marked for closure.

stale[bot] commented 3 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 3 years ago

👋

stale[bot] commented 3 years ago

This issue is no longer marked for closure.

stale[bot] commented 3 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 3 years ago

:wave:

stale[bot] commented 3 years ago

This issue is no longer marked for closure.

stale[bot] commented 3 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 3 years ago

:wave:

stale[bot] commented 3 years ago

This issue is no longer marked for closure.

stale[bot] commented 2 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 2 years ago

:wave:

stale[bot] commented 2 years ago

This issue is no longer marked for closure.

stale[bot] commented 2 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

colans commented 2 years ago

:wave:

stale[bot] commented 2 years ago

This issue is no longer marked for closure.

sgutermann commented 2 years ago

I am not sure what the actual problem being solved here is. If you use the standalone option you get your cert. What you do with it should be up to you and your Ansible.

If this is about the cronjob not working as Apache or nginx or whatever is still running, then the quick fix would be to add the pre and post hook.

Really unclean example would be:

"{{ certbot_script }} renew {{ certbot_auto_renew_options }} --pre-hook='systemctl stop {{ certbot_create_standalone_stop_services | join(' ') }}' --post-hook='systemctl start {{ certbot_create_standalone_stop_services | join(' ') }}'"

Like I said, "unclean", as the var was intended for the first install according to the README.
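The hook approach from the comment above, written as a cron task that does not reuse the first-install variable. This is an added example, not the commenter's or the role's code. Assumptions: `certbot_renew_stop_services` is a hypothetical variable, and the values given to `certbot_script` and `certbot_auto_renew_options` and the cron schedule are chosen for illustration.

```yaml
- hosts: webservers
  become: true
  vars:
    certbot_script: certbot               # variable name from the comment; value assumed
    certbot_auto_renew_options: "--quiet" # variable name from the comment; value assumed
    certbot_renew_stop_services:          # hypothetical, kept separate from the first-install list
      - nginx
  tasks:
    - name: Refuse to install hooks that would run a bare "systemctl stop"
      ansible.builtin.assert:
        that:
          - certbot_renew_stop_services | length > 0
        fail_msg: certbot_renew_stop_services must list at least one service

    - name: Install a renewal job that frees port 80 only while a renewal is attempted
      ansible.builtin.cron:
        name: certbot renew (standalone)
        user: root
        hour: "3"
        minute: "30"
        # certbot runs the pre and post hooks only when a certificate is due,
        # and runs the post hook even if the renewal attempt fails, so the
        # web server is started again either way.
        # The quote filter shell-escapes each hook as a single argument.
        job: >-
          {{ certbot_script }} renew {{ certbot_auto_renew_options }}
          --pre-hook {{ ('systemctl stop ' ~ services) | quote }}
          --post-hook {{ ('systemctl start ' ~ services) | quote }}
      vars:
        services: "{{ certbot_renew_stop_services | join(' ') }}"
```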

colans commented 2 years ago

Thanks for confirming. This looks close enough to what I came up with for our Matomo role, but I specified it in the domain config instead (which seems cleaner). See the commit for details.

I suppose we can close this then. (I'd do it, but I don't see a button for that.)

stale[bot] commented 2 years ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale[bot] commented 1 year ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.