---
# https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/
letsencrypt_acme_install: True
letsencrypt_acme_pkgs:
  - acmetool
  - libcap
letsencrypt_acme_repo_ver: 7
letsencrypt_acme_repo_name: 'hlandau-acmetool-epel-{{ letsencrypt_acme_repo_ver }}.repo'
letsencrypt_acme_repo_url: 'https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/repo/epel-{{ letsencrypt_acme_repo_ver }}/{{ letsencrypt_acme_repo_name }}'
letsencrypt_acme_user: acme
letsencrypt_acme_user_home: /var/lib/acme
letsencrypt_acme_log_dir: /var/log/acme

letsencrypt_acme_command: acmetool
letsencrypt_acme_command_opts: '--hooks={{ letsencrypt_acme_services_scripts_dir }} --batch --xlog.syslog --xlog.severity=INFO --xlog.file="{{ letsencrypt_acme_log_dir }}/certrequest.log" --xlog.fileseverity=TRACE'
letsencrypt_acme_config_dir: '{{ letsencrypt_acme_user_home }}/conf'
letsencrypt_acme_certsconf_dir: '{{ letsencrypt_acme_user_home }}/desired'
letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }}'
# The various services maintainers need to put the reconfigure/restart scripts there
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks

# responses parameters
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
letsencrypt_acme_agree_tos: true  
letsencrypt_acme_rsa_key_size: 4096
# rsa|ecdsa
letsencrypt_acme_key_type: ecdsa
letsencrypt_acme_ecdsa_curve: nistp256
letsencrypt_acme_email: sysadmin@example.com
# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
# Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
letsencrypt_acme_authenticator: listener

# desired parameters
letsencrypt_acme_domains:
  - '{{ ansible_fqdn }}'
letsencrypt_acme_standalone_port: 4402