Example how to use Ansible module community.crypto.acme_certificate
.
This example asumes that playbook is executed on system where HTTP server is runnig and that user executing it has permisons to write into acme_web_dir
, see source.
ansible-playbook -e acme_domain=microsoft.com -e @vars/lets-encrypt-staging.yml -e [email protected] playbook.yml
This will try to create certificate with cn=microsoft.com
and subjAltNames=['microsoft.com', 'www.microsoft.com']
and it will fail during challenge creation with error The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
.
Try it with hostname of system you are executing playbook on, if you are running HTTP server.
ansible-playbook -e @vars/zero-ssl.yml -e acme_domain=microsoft.com -e [email protected] playbook.yml
If you want to use ZeroSSL you need to sign-up there first, than create file vars/zero-ssl.private
with content:
kid:
key:
alg: HS256
and put there key id
and key
from developer section on ZeroSSL.
ansible-playbook -e acme_domain=semik.doma.3key.test -e @vars/czertainly.yml -e [email protected] -e 'acme_method=dns-01' playbook.yml
For DNS method you have to provide DNS server capable of dynamic updates, put needed parameters into var/czertainly.private file:
server: 123.123.123.123
key_algorithm: "hmac-sha512"
key_name: "key"
key_secret: "secret"
To complicated? You can use acme.sh it is written in shell and has much broader support for free SSL certificate priders.