Skip to content

Latest commit

 

History

History
 
 

https-letsencrypt

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
files
files
 
 
templates
templates
 
 
vars
vars
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
ansible.cfg
ansible.cfg
 
 
inventory.example
inventory.example
 
 
main.yml
main.yml
 
 
requirements.yml
requirements.yml
 
 

README.md

HTTPS Let's Encrypt Demo

This demonstrates generating valid TLS certificates using Let's Encrypt and Certbot on a public web server.

Quick Start Guide

1 - Install dependencies

  1. Install Ansible.
  2. Install role dependencies: ansible-galaxy install -r requirements.yml

2 - Create a publicly-accessible VM/VPS

  1. Create a publicly-accessible VM running Ubuntu 20.04 (on your favorite cloud provider, like AWS, DigitalOcean, etc.).
  2. Point a valid domain name at this server's IP address (e.g. using Route53 or your DNS provider).
  3. Make sure your SSH key is added to your user account, and your account has sudo access.
  4. Make sure you can SSH into the server using ssh [email protected] (where subdomain.example.com is the domain name you have pointed at the server's IP address).

3 - Configure the inventory

Copy the inventory.example to inventory, and change:

  1. The server name under the [letsencrypt] group to the domain name pointed at your new server.
  2. The value for letsencrypt_email to an email address you control.

4 - Run the playbook

Run the Ansible playbook to automatically generate a Let's Encrypt certificate and use it in an example Nginx configuration:

ansible-playbook -i inventory main.yml

5 - Verify the certificate works

After the playbook completes, visit your site at the https URL and verify it works with a valid certificate: https://domain.example.com/

Or use openssl on the command line to verify the certificate details:

openssl s_client -showcerts -connect domain.example.com:443

About the Author

This project was created by Jeff Geerling as an example for Ansible for DevOps.