nephelaiio / ansible-role-acme-certificate-route53

An Ansible role to issue acme certificates with dns challenge verification using route53 name service
MIT License
1 star, 0 forks

I want to set up this FreeIPA #1

Open farazbyk opened 4 years ago

farazbyk commented 4 years ago

Hi, I want this certificate creation to work with FreeIPA. I have tested with HTTP and it is working fine, but that needs a public interface / elastic IP on the EC2 instance.

In your Ansible role you define the zone name. Can you share how the zone from Route53 is identified and how the TXT record is added to it automatically?

teddyphreak commented 4 years ago

Hi, the general idea is that if you have a service, say ipa.farazbyk.com, you will set the parameter acme_certificate_domain to that value. The role will then attempt to create a Let's Encrypt certificate using an HTTP challenge to the zone farazbyk.com, which should be registered in Route53.

You can override this with the parameter acme_certificate_zone, which is initialized in the defaults/main.yml file as: acme_certificate_zone: "{{ acme_certificate_domain | split_with('.') | tail | join('.') }}"

All values for record creation are gathered automatically from the challenge, starting at line 53 of https://github.com/nephelaiio/ansible-role-acme-certificate-route53/blob/master/tasks/main.yml
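The flow described in the reply above (derive the zone from acme_certificate_domain, publish the challenge TXT record in Route53, then let the CA validate) as an added, stand-alone playbook. This is example code, not the role's own tasks: it uses the community.crypto acme_certificate and community.aws route53 modules directly, derives the zone with plain Jinja slicing instead of the role's split_with/tail filters, issues the certificate with a dns-01 challenge (which is what the repository description says the role does, so no public interface on the instance is needed), and assumes AWS credentials in the environment plus an existing account key and CSR at the placeholder paths shown.

```yaml
# Added example (not part of nephelaiio/ansible-role-acme-certificate-route53):
# issue a certificate for acme_certificate_domain with a dns-01 challenge whose
# TXT record is published in the Route53 hosted zone acme_certificate_zone.
# Assumes: community.crypto and community.aws collections installed, AWS
# credentials in the environment, and an account key and CSR at the
# placeholder paths below.
- name: Issue an ACME certificate with a dns-01 challenge on Route53
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    acme_certificate_domain: ipa.farazbyk.com
    # Same idea as the role's default: drop the first label to get the zone
    # (plain Jinja here; the role uses its own split_with/tail filters).
    # Override this when the hosted zone is not the parent label, e.g. a
    # delegated sub-zone or a multi-label suffix such as example.co.uk.
    acme_certificate_zone: "{{ acme_certificate_domain.split('.')[1:] | join('.') }}"
    # Staging directory avoids production rate limits while testing; switch to
    # https://acme-v02.api.letsencrypt.org/directory for real certificates.
    acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
    acme_account_email: admin@farazbyk.com              # placeholder
    acme_account_key: /etc/acme/account.key             # placeholder path
    acme_csr: "/etc/acme/{{ acme_certificate_domain }}.csr"
    acme_cert: "/etc/acme/{{ acme_certificate_domain }}.crt"
    acme_fullchain: "/etc/acme/{{ acme_certificate_domain }}.fullchain.crt"

  tasks:
    - name: Ask the CA for a dns-01 challenge
      community.crypto.acme_certificate:
        acme_directory: "{{ acme_directory }}"
        acme_version: 2
        terms_agreed: true
        account_key_src: "{{ acme_account_key }}"
        account_email: "{{ acme_account_email }}"
        csr: "{{ acme_csr }}"
        dest: "{{ acme_cert }}"
        fullchain_dest: "{{ acme_fullchain }}"
        challenge: dns-01
        remaining_days: 30
      register: acme_challenge

    # challenge_data[<domain>]['dns-01'].record is the FQDN of the TXT record
    # (_acme-challenge.<domain>) and .resource_value is its required content.
    - name: Publish the _acme-challenge TXT record in Route53
      community.aws.route53:
        state: present
        zone: "{{ acme_certificate_zone }}"
        record: "{{ acme_challenge.challenge_data[acme_certificate_domain]['dns-01'].record }}"
        type: TXT
        ttl: 60
        # Route53 requires TXT values to be enclosed in double quotes.
        value: '"{{ acme_challenge.challenge_data[acme_certificate_domain]["dns-01"].resource_value }}"'
        overwrite: true
        wait: true   # block until the change is INSYNC before asking the CA to validate
      when: acme_challenge is changed and acme_certificate_domain in acme_challenge.challenge_data

    - name: Let the CA validate the record and fetch the certificate
      community.crypto.acme_certificate:
        acme_directory: "{{ acme_directory }}"
        acme_version: 2
        terms_agreed: true
        account_key_src: "{{ acme_account_key }}"
        account_email: "{{ acme_account_email }}"
        csr: "{{ acme_csr }}"
        dest: "{{ acme_cert }}"
        fullchain_dest: "{{ acme_fullchain }}"
        challenge: dns-01
        remaining_days: 30
        data: "{{ acme_challenge }}"
      when: acme_challenge is changed

    - name: Remove the challenge record once the certificate is issued
      community.aws.route53:
        state: absent
        zone: "{{ acme_certificate_zone }}"
        record: "{{ acme_challenge.challenge_data[acme_certificate_domain]['dns-01'].record }}"
        type: TXT
        ttl: 60
        value: '"{{ acme_challenge.challenge_data[acme_certificate_domain]["dns-01"].resource_value }}"'
      when: acme_challenge is changed and acme_certificate_domain in acme_challenge.challenge_data
```

Two points worth checking before relying on the zone derivation: the AWS credentials used should be scoped to route53:ChangeResourceRecordSets on that one hosted zone (anyone who can write TXT records there can obtain certificates for every name under it), and the single-label strip only works when the hosted zone really is the parent of the service name; for a delegated sub-zone or a public suffix like example.co.uk, set acme_certificate_zone explicitly, otherwise the route53 task fails to find the zone and the challenge never validates.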