This site won't get any more updates, see github repo for most recent docs.
This role fetches Letsencrypt certificates for you. Dehydrated does it in standalone mode so it simply fetches certs. Via hooks of course you can restart services after they were fetched.
This role is mainly tested in DNS challenge environments but also HTTP. If you want to use testing CA you would need to override the dehydrated_ca var.
Requirements:
Supported OSes:
ansible_dehydrated will install curl and dehydrated via package manager. It will further install a cron job for automatic renewal. You need to define a list of domains that dehydrated shall fetch certificates for. If you need multiple fqdn in one cert, just put them in one line:
dehydrated_domains:
- "test.example.com"
- "testing.com www.testing.com"
Example DNS challenge:
dehydrated_challengetype: "dns-01"
dehydrated_hookchain: "yes"
dehydrated_pdnshost: "https://apiendpoint.example.com"
dehydrated_pdnskey: "yoursecretAPIkey"
dehydrated_hook: "{{ dehydrated_basedir }}/pdns_api.sh"
Example HTTP challenge:
dehydrated_users_groupadd:
- "www-data"
dehydrated_hook: "{{ dehydrated_basedir }}/nginxhook.sh"
dehydrated_wellknown: "/usr/local/www/dehydrated"
dehydrated_challengetype: "http-01"
This of course requires that your webserver is configured for http challenge support (.well-known).