--- letsencrypt_acme_install: False # Set to false if a binary installation is needed (unsupported distributions) letsencrypt_pkg_install: True letsencrypt_acme_pkg_state: latest letsencrypt_acme_pkgs: - acmetool - libcap2-bin letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea' letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main' letsencrypt_acme_debian_repo_key: '9862409EF124EC763B84972FF5AC9651EDB58DFA' letsencrypt_acme_user: acme letsencrypt_acme_user_home: /var/lib/acme letsencrypt_acme_log_dir: /var/log/acme letsencrypt_acme_command: acmetool letsencrypt_acme_command_opts: '--hooks={{ letsencrypt_acme_services_scripts_dir }} --batch --xlog.syslog --xlog.syslogseverity=INFO --xlog.file="{{ letsencrypt_acme_log_dir }}/certrequest.log" --xlog.fileseverity=TRACE' letsencrypt_acme_config_dir: '{{ letsencrypt_acme_user_home }}/conf' letsencrypt_acme_certsconf_dir: '{{ letsencrypt_acme_user_home }}/desired' letsencrypt_acme_dest_dir: '{{ ansible_fqdn }}' letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ letsencrypt_acme_dest_dir }}' # The various services maintainers need to put the reconfigure/restart scripts there letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks # responses parameters letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' letsencrypt_acme_agree_tos: true letsencrypt_acme_rsa_key_size: 4096 letsencrypt_ocsp_must_staple: False # rsa|ecdsa letsencrypt_acme_key_type: ecdsa letsencrypt_acme_ecdsa_curve: nistp256 letsencrypt_acme_email: sysadmin@example.com letsencrypt_specify_key_id: False letsencrypt_key_id: 'some random string' # We 'listener' or 'proxy'. Use 'listener' if we need a certificate for a non web service or before the web service has been configured. # Need to set cap_net_bind_service=+ep for the acmetool binary so that it is able to bind port 80 in that case. letsencrypt_acme_authenticator: listener letsencrypt_acme_cron_day_of_month: '*' letsencrypt_acme_cron_hour: '{{ range(1, 4) | random }}' letsencrypt_acme_cron_minute: '{{ range(0, 59) | random }}' # desired parameters letsencrypt_acme_domains: - '{{ ansible_fqdn }}' letsencrypt_acme_standalone_port: 4402