Lab 023

Ansible Playbook申请Let's Encrypt证书

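---
# Installs certbot with the nginx plugin, requests a Let's Encrypt certificate
# for `domain`, and schedules a twice-daily renewal attempt.
#
# NOTE(review): the rhui-REGION-* repo ids are literal placeholders as
# published; substitute the ids that exist on the target host. The play title
# says CentOS while these ids look like RHEL RHUI repos - confirm which applies.
# NOTE(review): python2-certbot-nginx is normally shipped by EPEL on EL7 and
# this play does not enable EPEL - confirm the repo is already configured.
- name: "Let's Encrypt CA CentOS 7.3[0.0.1] @LastModify 2018-11-13"
  hosts: all
  gather_facts: true
  vars:
    # Quoted on purpose: a plain scalar that starts with `*` is read by YAML
    # as an alias and fails to parse. Both values are redacted placeholders.
    domain: 'www.***.com'
    mail: '****@qq.com'

  tasks:
  - name: Install yum-utils (provides yum-config-manager)
    yum:
      name: yum-utils
      state: latest

  # No shell features are needed, so `command` avoids shell interpretation.
  - name: Enable the extras and optional repositories
    command: >-
      yum-config-manager --enable
      rhui-REGION-rhel-server-extras
      rhui-REGION-rhel-server-optional

  # `latest` keeps the ACME client patched on every run; pin a version instead
  # if reproducible builds matter more than automatic updates.
  - name: Install certbot with the nginx plugin
    yum:
      name: python2-certbot-nginx
      state: latest

  # Runs at 00:00 and 12:00; the python one-liner sleeps a random 0-3600 s
  # first so renewals are spread out instead of hitting the CA on the hour.
  - name: Schedule certificate renewal
    cron:
      name: "let's encrypt cron"
      minute: "0"
      hour: "0,12"
      job: "python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --rsa-key-size 4096"

  # The task name no longer echoes the full command line, so the contact
  # e-mail is not printed in play output. Templated values go through `quote`
  # so a value containing spaces or shell metacharacters stays one argument.
  # --non-interactive makes certbot fail instead of waiting on a prompt.
  # NOTE(review): ignore_errors hides a failed issuance, in which case nginx
  # keeps serving whatever certificate it had before; check the task result
  # or drop ignore_errors once the play is known to work.
  - name: Request and install the certificate for {{ domain }}
    command: >-
      certbot --non-interactive --rsa-key-size 4096 --nginx
      -d {{ domain | quote }}
      --agree-tos --email {{ mail | quote }}
      --no-bootstrap
      --server https://acme-v02.api.letsencrypt.org/directory
    ignore_errors: true

  # A dry run exercises the renewal path against the CA's staging endpoint
  # without replacing the installed certificate.
  - name: test renew
    command: certbot renew --dry-run
    ignore_errors: true

  # Optional, left disabled by the author: generate custom DH parameters.
  # - shell: openssl dhparam -out /etc/letsencrypt/live/{{domain}}/dhparams.pem 4096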