This Ansible role will setup and renew SSL certificates from the Let's Encrypt certificate authority with help of the minimal acme-tiny Python client. It can be used to generate and send the initial certificate request as well as run by e.g. a cron job for regularly renewing the certificate and restart the secured services after the certificate has been replaced.

This role requires at least Ansible v2.8.0. To install it run:

ansible-galaxy install ganto.acme_tiny

The role documentation is available online at gantoacme-tiny.readthedocs.io.

It can be built locally from the docs directory by running:

cd docs && make html

There is a Molecule test profile that can be used to verify the basic functionality of the role. The default scenario is using the podman container driver. If you prefer docker you can select the corresponding scenario with the -s docker molecule arguments.

1. Ensure you have the necessary dependencies installed (e.g. in a Python venv):

pip install -r molecule/default/requirements.txt        # for podman
# or
pip install -r molecule/docker/requirements.txt         # for docker

2. Run the test suite. The options in brackets are optional but useful if you need to troubleshoot issues:

molecule [-vvv] test [--destroy never][-s docker]

3. If you used --destroy never the container will remain after the test run and can be inspected interactively via:

podman exec -it <container-id> /bin/sh                  # for podman
# or
docker exec -it <container-id> /bin/sh                  # for docker

4. Once you're done with inspecting the instance it has to be deleted before a new test run can be started:

molecule destroy [-s docker]

The acme_tiny Ansible role was written by:

• Reto Gantenbein | e-mail | GitHub

License: GPLv3