ilri / rmg-ansible-public

Ansible playbooks for ILRI research-computing infrastructure
GNU General Public License v3.0

Add cron job for renewing Let's Encrypt certs #39

Closed alanorth closed 8 years ago

alanorth commented 8 years ago

Hey, @oguya, this has been running on linode02 for a few months and it works well, /etc/cron.d/renew-letsencrypt:

https://gist.github.com/alanorth/9753de93decb6bd4fce3e9f6e50d8cae

We can simply copy it to hosts as a file, or use a template like the systemd service I use for my other server, renew-letsencrypt.service.j2, assuming the path to certbot is in a variable somewhere. What do you think?

oguya commented 8 years ago

Let's use a template for the cron file & variable for certbot installation directory; this should give us some sort of flexibility.

oguya commented 8 years ago

hmmm... then again, any (either normal file or template) can still achieve the same effect.

alanorth commented 8 years ago

Ok, I set the certbot path in roles/nginx/defaults/main.yml:

# Location of Let's Encrypt's certbot script
letsencrypt_certbot_dest: /opt/certbot-auto

Then I have a few tasks for Let's Encrypt, roles/nginx/tasks/letsencrypt.yml:

- name: Download certbot
  get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700

Nothing fancy, as it doesn't actually get the certs yet during ansible provisioning. Just setting up certbot and renewal scripts. See my nginx role. systemd stuff is covered (and cleaner), but all of our Ubuntu 14.04 hosts using Let's Encrypt still need cron-based renewal scripts, so we could run the different tasks based on distro version.
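One way to wire this up along the lines discussed in this thread, as an added example rather than code from the rmg-ansible-public repository: the tasks below reuse the `letsencrypt_certbot_dest` variable from `roles/nginx/defaults/main.yml`, drive renewal from `/etc/cron.d` on Ubuntu 14.04 (no systemd) and from a systemd service plus timer on newer releases, chosen by `ansible_distribution_version`. The `renew-letsencrypt` cron and unit names, the `--post-hook` commands and the twice-daily schedule are assumptions, not something the repository specifies.

```yaml
# Added example, not the repository's own code.
# Assumes letsencrypt_certbot_dest is defined (as on the page) and that nginx
# is the web server whose config must be reloaded after a renewal.

- name: Download certbot-auto
  get_url:
    url: https://dl.eff.org/certbot-auto
    dest: "{{ letsencrypt_certbot_dest }}"
    # Quoted so YAML does not read 0700 as a decimal integer; root-only,
    # since the script runs as root from cron / systemd
    mode: '0700'

# Ubuntu 14.04 has no systemd, so renewal is driven from /etc/cron.d.
# The cron module with cron_file writes /etc/cron.d/<cron_file> and manages
# the entry idempotently, so no separate template file is needed.
- block:
    - name: Install cron-based renewal
      cron:
        name: renew Let's Encrypt certificates
        cron_file: renew-letsencrypt
        user: root
        # Seeded random minute/hour: stable per host across runs (idempotent),
        # but spreads renewal attempts across the fleet instead of hitting the
        # ACME servers at the same minute everywhere
        minute: "{{ 60 | random(seed=inventory_hostname) }}"
        hour: "{{ 24 | random(seed=inventory_hostname) }}"
        # --no-self-upgrade keeps an unattended root job from fetching new
        # certbot code from the network; upgrades stay a deliberate Ansible change
        job: "{{ letsencrypt_certbot_dest }} renew --quiet --no-self-upgrade --post-hook 'service nginx reload'"
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '14.04'

# Newer releases: oneshot service + timer, same renew command.
- block:
    - name: Install renew-letsencrypt systemd service
      copy:
        dest: /etc/systemd/system/renew-letsencrypt.service
        mode: '0644'
        content: |
          [Unit]
          Description=Renew Let's Encrypt certificates
          After=network-online.target

          [Service]
          Type=oneshot
          ExecStart={{ letsencrypt_certbot_dest }} renew --quiet --no-self-upgrade --post-hook 'systemctl reload nginx'

    - name: Install renew-letsencrypt systemd timer
      copy:
        dest: /etc/systemd/system/renew-letsencrypt.timer
        mode: '0644'
        content: |
          [Unit]
          Description=Run renew-letsencrypt.service twice a day

          [Timer]
          OnCalendar=*-*-* 00,12:00:00
          # systemd adds the per-host jitter that the seeded cron minute provides above
          RandomizedDelaySec=1h
          Persistent=true

          [Install]
          WantedBy=timers.target

    - name: Enable and start renew-letsencrypt timer
      systemd:
        name: renew-letsencrypt.timer
        enabled: yes
        state: started
        daemon_reload: yes
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version != '14.04'
```

Because the play only installs certbot and the renewal job, it stays safe to run before any certificate exists: `certbot renew` is a no-op when there is nothing in `/etc/letsencrypt/live`, so the first real renewal happens on schedule after the certificates have been obtained by hand.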

alanorth commented 8 years ago

Pull request with basic Let's Encrypt plumbing is ready in #60.