2019-05-15 01:22:27 +02:00
|
|
|
---
|
|
|
|
# https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/
|
|
|
|
letsencrypt_acme_install: True
|
|
|
|
letsencrypt_acme_pkgs:
|
|
|
|
- acmetool
|
|
|
|
- libcap
|
|
|
|
letsencrypt_acme_repo_ver: 7
|
|
|
|
letsencrypt_acme_repo_name: 'hlandau-acmetool-epel-{{ letsencrypt_acme_repo_ver }}.repo'
|
|
|
|
letsencrypt_acme_repo_url: 'https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/repo/epel-{{ letsencrypt_acme_repo_ver }}/{{ letsencrypt_acme_repo_name }}'
|
|
|
|
letsencrypt_acme_user: acme
|
|
|
|
letsencrypt_acme_user_home: /var/lib/acme
|
|
|
|
letsencrypt_acme_log_dir: /var/log/acme
|
|
|
|
|
|
|
|
letsencrypt_acme_command: acmetool
|
2019-08-07 19:08:51 +02:00
|
|
|
letsencrypt_acme_command_opts: '--hooks={{ letsencrypt_acme_services_scripts_dir }} --batch --xlog.syslog --xlog.severity=INFO --xlog.file="{{ letsencrypt_acme_log_dir }}/certrequest.log" --xlog.fileseverity=TRACE'
|
2019-05-15 01:22:27 +02:00
|
|
|
letsencrypt_acme_config_dir: '{{ letsencrypt_acme_user_home }}/conf'
|
|
|
|
letsencrypt_acme_certsconf_dir: '{{ letsencrypt_acme_user_home }}/desired'
|
|
|
|
letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }}'
|
|
|
|
# The various services maintainers need to put the reconfigure/restart scripts there
|
|
|
|
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
|
|
|
|
|
|
|
|
# responses parameters
|
|
|
|
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
|
|
|
|
letsencrypt_acme_agree_tos: true
|
|
|
|
letsencrypt_acme_rsa_key_size: 4096
|
|
|
|
# rsa|ecdsa
|
|
|
|
letsencrypt_acme_key_type: ecdsa
|
|
|
|
letsencrypt_acme_ecdsa_curve: nistp256
|
|
|
|
letsencrypt_acme_email: sysadmin@example.com
|
|
|
|
# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
|
|
|
|
# Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
|
|
|
|
letsencrypt_acme_authenticator: listener
|
|
|
|
|
|
|
|
# desired parameters
|
|
|
|
letsencrypt_acme_domains:
|
|
|
|
- '{{ ansible_fqdn }}'
|
|
|
|
letsencrypt_acme_standalone_port: 4402
|
|
|
|
|