History

June fee18bd349 All checks were successful / Ansible Lint (push) Successful in 11m4s Details certbot(role): allow empty list of certificate domains Also explicitly document that they are used with the HTTP-01 challenge. This is in preparation for adding a new option with DNS-01 challenge support.		2026-03-05 14:37:17 +01:00
..
defaults	certbot(role): allow empty list of certificate domains	2026-03-05 14:37:17 +01:00
meta	certbot(role): allow empty list of certificate domains	2026-03-05 14:37:17 +01:00
tasks	certbot(role): don't use certbot__version_spec anymore as its not used	2026-03-01 20:08:49 +01:00
templates	move roles, files and templates dirs out of playbook dir into root dir	2024-12-08 02:55:25 +01:00
README.md	certbot(role): allow empty list of certificate domains	2026-03-05 14:37:17 +01:00

Role `certbot`

A role for deploying Certbot and setting up certificates using it.

Note: This role doesn't take care of deleting certificates.

Also see the following documentation for a full How-to on how to get certificates using this role in the context of our infra: https://wiki.ccchh.net/infrastructure:zertifikate.

Required Arguments

certbot__acme_account_email_address: The E-Mail address to use for the ACME account.

certbot__certificate_domains: The domains for which to obtain a certificate using the HTTP-01 challenge.
certbot__http_01_port: The port number the bot listens on. Should be 80 if directly exposed to the internet.
Defaults to 31820 (for the public-reverse-proxy setup).
certbot__new_cert_commands: A list of commands to execute after getting a new certificate. Will be added into a bash script.
Defaults to the empty list ([ ]).

The hosts for this role need to be the machines on which you want to make sure Certbot is deployed and given certificates are set up.