This collection manages ACME certificates.
- Ansible >= 2.9
- Python >= 3 (if you want to use http-challenge via S3)
These modules are distributed as collections. To install them, run:
ansible-galaxy collection install telekom_mms.acme
Alternatively, put the collection into a requirements.yml file:
---
collections:
  - telekom_mms.acme
Role acme: for issuing certificates from a certificate authority which implements the ACME protocol.
Please see documentation for variables, usage and further information for all the different providers.
We automatically test key creation, CSR creation and the local http-provider, and we test the challenge with the local pebble provider.
Automatically testing the various dns-challenge providers is hard, because we'd need to maintain accounts and zones on them (and pay for them). We'd also need to store credentials in CI, which is a security risk.
Here we list ways to manually test the dns-providers if you have access:
- Hetzner
ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-hetzner.yml -e acme_hetzner_auth_token=YOUR_AUTH_TOKEN -e hetzner_domain_name="example.com" -e hetzner_zone="example.com"
- Domain-Offensive
ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-domain-offensive.yml -e acme_dns_password=YOUR_DO_AUTH_TOKEN -e domain_offensive_zone="example.com" -e domain_offensive_domain_name="example.com"
GPLv3
- Sebastian Gumprich
- Andreas Hering