2016-04-14 19:08:33 +02:00
|
|
|
---
|
|
|
|
letsencrypt_acme_install: False
|
2016-05-28 15:04:01 +02:00
|
|
|
# Set to false if a binary installation is needed (unsupported distributions)
|
|
|
|
letsencrypt_pkg_install: True
|
2016-10-03 22:56:27 +02:00
|
|
|
letsencrypt_acme_pkg_state: latest
|
|
|
|
letsencrypt_acme_pkgs:
|
|
|
|
- acmetool
|
|
|
|
- libcap2-bin
|
2016-10-03 22:57:43 +02:00
|
|
|
letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea'
|
2016-04-14 19:08:33 +02:00
|
|
|
letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main'
|
|
|
|
letsencrypt_acme_debian_repo_key: '9862409EF124EC763B84972FF5AC9651EDB58DFA'
|
|
|
|
letsencrypt_acme_user: acme
|
|
|
|
letsencrypt_acme_user_home: /var/lib/acme
|
2016-04-15 20:33:23 +02:00
|
|
|
letsencrypt_acme_log_dir: /var/log/acme
|
2016-04-14 19:08:33 +02:00
|
|
|
|
|
|
|
letsencrypt_acme_command: acmetool
|
|
|
|
letsencrypt_acme_command_opts: '--batch --xlog.syslog --xlog.severity=info'
|
|
|
|
letsencrypt_acme_config_dir: '{{ letsencrypt_acme_user_home }}/conf'
|
|
|
|
letsencrypt_acme_certsconf_dir: '{{ letsencrypt_acme_user_home }}/desired'
|
2016-04-14 19:31:02 +02:00
|
|
|
letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }}'
|
2016-04-14 19:08:33 +02:00
|
|
|
# The various services maintainers need to put the reconfigure/restart scripts there
|
|
|
|
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
|
|
|
|
|
|
|
|
# responses parameters
|
2016-08-04 16:57:32 +02:00
|
|
|
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
|
|
|
|
letsencrypt_acme_agree_tos: true
|
2016-04-14 19:08:33 +02:00
|
|
|
letsencrypt_acme_rsa_key_size: 4096
|
2016-04-15 20:03:05 +02:00
|
|
|
# rsa|ecdsa
|
2016-04-14 19:08:33 +02:00
|
|
|
letsencrypt_acme_key_type: ecdsa
|
|
|
|
letsencrypt_acme_ecdsa_curve: nistp256
|
|
|
|
letsencrypt_acme_email: sysadmin@example.com
|
2017-01-26 18:33:49 +01:00
|
|
|
# We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured.
|
2016-04-14 19:08:33 +02:00
|
|
|
# Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case.
|
2017-01-26 18:33:49 +01:00
|
|
|
letsencrypt_acme_authenticator: listener
|
2016-04-14 19:08:33 +02:00
|
|
|
|
|
|
|
# desired parameters
|
|
|
|
letsencrypt_acme_domains:
|
|
|
|
- '{{ ansible_fqdn }}'
|
2016-04-17 14:20:44 +02:00
|
|
|
letsencrypt_acme_standalone_port: 4402
|
2016-04-14 19:08:33 +02:00
|
|
|
|