certbot(role): support DNS-01 certs using acme-dns

Introduce new configuration structure called certbot__certs, which allows for different challenge types per cert with the first challenge type supported being dns-01-acme-dns.
2026-03-31 16:48:00 +02:00 · 2026-03-31 16:48:00 +02:00 · 8bf6dfbefb
commit 8bf6dfbefb
parent 21f51ea2d7
9 changed files with 188 additions and 18 deletions
--- a/roles/certbot/tasks/main/install.yaml
+++ b/roles/certbot/tasks/main/install.yaml
@ -1,11 +1,30 @@
- name: make sure the `openssl` package is installed
+- name: ensure relevant packages are installed
  ansible.builtin.apt:
-    name: openssl
+    name:
+      - openssl
+      - certbot
+      - jq
    state: present
  become: true

- name: make sure the `certbot` package is installed
-  ansible.builtin.apt:
-    name: certbot
-    state: present
-  become: true
+- name: ensure manual auth scripts are deployed
+  block:
+    - name: ensure manual auth scripts directory exists
+      ansible.builtin.file:
+        path: "/usr/local/lib/ansible_certbot/manual_auth_scripts"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+      become: true
+
+    - name: ensure manual auth scripts are deployed
+      ansible.builtin.copy:
+        src: "manual_auth_scripts/{{ item }}.sh"
+        dest: "/usr/local/lib/ansible_certbot/manual_auth_scripts/{{ item }}.sh"
+        owner: root
+        group: root
+        mode: "0754"
+      become: true
+      loop:
+        - "dns-01-acme-dns"