Open Synchro opened 2 years ago
```yaml
# Gandi API key for the DNS plugin: readable by root only.
- copy:
    dest: "/etc/letsencrypt/gandi.ini"
    owner: root
    group: root
    mode: 0400
    content: "dns_gandi_api_key={{ api_key }}"
# One-off run: install the plugin inside the container, then request the certificate.
- docker_container:
    image: certbot/certbot
    name: certbot_gandi
    state: started
    auto_remove: no
    cleanup: yes
    detach: no
    debug: yes
    volumes:
      - "/etc/letsencrypt:/etc/letsencrypt"
      - "/var/log/letsencrypt:/var/log/letsencrypt"
    entrypoint: /bin/sh
    command: "-c 'pip install certbot-plugin-gandi && certbot certonly --noninteractive --agree-tos --email {{ email }} --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d {{ domains | join(',') }}'"
# Daily renewal at 15:22, written to /etc/cron.d/certbot.
- cron:
    name: Certbot automatic renewal.
    cron_file: "certbot"
    job: "docker run -v /etc/letsencrypt:/etc/letsencrypt -v /var/log/letsencrypt:/var/log/letsencrypt --entrypoint /bin/sh certbot/certbot -c 'pip install certbot-plugin-gandi && certbot renew --quiet --no-self-upgrade --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini'"
    minute: '22'
    hour: '15'
    user: foo
```
(Note: It'd be so much better if certbot-plugin-gandi were either bundled in certbot/certbot or if an official standalone docker image existed.)
This is just to help others that try to do this and have run into issues with certbot snap installation. I was trying to come up with a clean install method to use with Ansible, and I've got it working successfully with this config (on Ubuntu):
This installs using virtualenv, as the EFF recommends, but this means that the Gandi plugin needs to be installed in the same virtualenv, or certbot won't see it. HTH.
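
The same-virtualenv requirement described above, as an added Ansible example (not the configuration posted in this thread): it installs certbot and certbot-plugin-gandi into one virtualenv, writes the credentials file without logging the key, and fails early if certbot cannot see the plugin. The path `/opt/certbot`, the `certbot_venv` variable and the `dns-gandi` string checked in the plugin listing are assumptions; `api_key` is the variable used in the tasks earlier on this page.

```yaml
# Added example, not from the thread. Assumed: /opt/certbot as the venv path.
- hosts: all
  become: yes
  vars:
    certbot_venv: /opt/certbot   # assumption
  tasks:
    - name: Install virtualenv support (Ubuntu)
      apt:
        name: [python3, python3-venv]
        state: present
        update_cache: yes

    - name: Install certbot and the Gandi plugin into the same virtualenv
      pip:
        name:
          - certbot
          - certbot-plugin-gandi
        virtualenv: "{{ certbot_venv }}"
        virtualenv_command: python3 -m venv

    - name: Ensure the certbot config directory exists
      file:
        path: /etc/letsencrypt
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Write the Gandi credentials, keeping the key out of task output
      copy:
        dest: /etc/letsencrypt/gandi.ini
        owner: root
        group: root
        mode: "0400"
        content: "dns_gandi_api_key={{ api_key }}\n"
      no_log: true   # otherwise the key can appear in verbose output and diffs

    - name: List the plugins this certbot installation can load
      command: "{{ certbot_venv }}/bin/certbot plugins"
      register: certbot_plugins
      changed_when: false

    - name: Fail early if the Gandi authenticator is not visible to certbot
      assert:
        that: "'dns-gandi' in certbot_plugins.stdout"
        fail_msg: "certbot-plugin-gandi is not installed in {{ certbot_venv }}"
```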