certbot(role): allow empty list of certificate domains

Also explicitly document that they are used with the HTTP-01 challenge. This is in preparation for adding a new option with DNS-01 challenge support.
certbot(role): move arguments documentation into README
2026-03-05 14:37:17 +01:00 · 2026-03-05 14:37:17 +01:00
3 changed files with 12 additions and 10 deletions
--- a/roles/certbot/README.md
+++ b/roles/certbot/README.md
@ -8,7 +8,15 @@ Also see the following documentation for a full How-to on how to get certificate
 ## Required Arguments
-For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yaml).
+- `certbot__acme_account_email_address`: The E-Mail address to use for the ACME account.
 ## Optional Arguments
 - `certbot__certificate_domains`: The domains for which to obtain a certificate using the HTTP-01 challenge.
 - `certbot__http_01_port`: The port number the bot listens on. Should be `80` if directly exposed to the internet.  
   Defaults to `31820` (for the public-reverse-proxy setup).
 - `certbot__new_cert_commands`: A list of commands to execute after getting a new certificate. Will be added into a bash script.  
  Defaults to the empty list (`[ ]`).
 ## `hosts`
--- a/roles/certbot/defaults/main.yaml
+++ b/roles/certbot/defaults/main.yaml
@ -1,2 +1,3 @@
 certbot__certificate_domains: [ ]
 certbot__http_01_port: 31820
 certbot__new_cert_commands: [ ]
--- a/roles/certbot/meta/argument_specs.yaml
+++ b/roles/certbot/meta/argument_specs.yaml
@ -2,25 +2,18 @@ argument_specs:
  main:
    options:
      certbot__acme_account_email_address:
        description: The E-Mail address to give to certbot for the ACME account.
        type: str
        required: true
      certbot__certificate_domains:
-        description: The domains for which to obtain a certificate.
+        type: list
-        type: list
+        elements: str
-        elements: str
+        required: false
-        required: true
+        default: [ ]
-      certbot__http_01_port:
+      certbot__http_01_port:
-        description: |
+        type: str
-          The port number the bot listens on. Must be 80 if directly exposed to the internet.
+        required: false
-          Default is 31820 for the public-reverse-proxy setup.
+        default: 31820
-        type: str
+      certbot__new_cert_commands:
        required: false
        default: 31820
      certbot__new_cert_commands:
        description: >-
          A list of commands to execute after getting a new certificate.
          Will be added into a bash script.
        type: list
        elements: str
        required: false
Author	SHA1	Message	Date
June	fee18bd349	certbot(role): allow empty list of certificate domains All checks were successful / Ansible Lint (push) Successful in 11m4s Details Also explicitly document that they are used with the HTTP-01 challenge. This is in preparation for adding a new option with DNS-01 challenge support.	2026-03-05 14:37:17 +01:00
June	3820a97584	certbot(role): move arguments documentation into README Do this to match how it's done in newer roles.	2026-03-05 14:37:17 +01:00