Santeri Kainulainen 52578507a1 Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs
This commit will also allow Caddy to properly generate certs
with longer lifetimes than 12 hours, and by default it has been set to 1
month
2025-12-09 15:34:12 +02:00
defaults Add functionality by copy-pasting pre-generated certs to vm and update README.md 2025-12-05 14:02:39 +02:00
files/certs Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 2025-12-09 15:34:12 +02:00
handlers Add first commit 2025-10-31 14:33:03 +02:00
meta Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 2025-12-09 15:34:12 +02:00
tasks Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 2025-12-09 15:34:12 +02:00
templates Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 2025-12-09 15:34:12 +02:00
vars Add first commit 2025-10-31 14:33:03 +02:00
README.MD Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 2025-12-09 15:34:12 +02:00

Kifi Caddy

Installs and configures Caddy as a local ACME CA server so that certificates can be issued in testing. The role currently works, but some features do not yet, for example changing the certificate lifetime (it defaults to 12h).

Example usage

In your playbook, define the role and config paths. The defaults are most likely fine, in which case you only need to add the role. Add it before any certbot role. The ACME server listens on port 8443. You can also edit templates/Caddyfile.j2 to fit your own needs.

Example for tilastot.kirjastot.fi.local:

- role: kifi.caddy
  caddy_config_path: /etc/caddy/Caddyfile
  caddy_root: /var/www/caddy
  caddy_service_name: caddy

Another example of how to use this in combination with the kifi.certbot role:

tasks:
  - name: Run Certbot role
    include_role:
      name: kifi.certbot
    vars:
      certbot_disable_certbot_cron: yes
      certbot_host_with_certs: tilastot.kirjastot.fi.local
      certbot_create_if_missing: yes
      certbot_admin_email: tekniikka@kirjastot.fi
      certbot_certs:
        - domains:
            - tilastot.kirjastot.fi.local
      # REQUESTS_CA_BUNDLE makes certbot trust Caddy's local root CA when it
      # talks to the ACME directory on port 8443.
      certbot_create_command: >
        sudo -E REQUESTS_CA_BUNDLE=/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
        certbot certonly --server https://localhost:8443/acme/local/directory
        --standalone
        --email {{ certbot_admin_email }}
        --agree-tos
        --non-interactive
        -d {{ certbot_certs | map(attribute='domains') | flatten | join(' -d ') }}
    # tags is a task keyword, so it sits at task level, not inside vars
    tags: certbot, ssl

Note that the domains are looped over, so you can list several of them. The certificates for a domain can be found in the folder /etc/letsencrypt/live/domainname, though it might be wise to change this.
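
A post-issuance check for the setup above, added here as an example and not part of this role or of kifi.certbot: it verifies that the issued certificate chains to Caddy's local root and that it outlives the 12h default lifetime. The `hosts` pattern, the variable names and the 24h threshold are assumptions, and the play needs the `community.crypto` collection and `openssl` on the target.

```yaml
# Added example play (not part of kifi.caddy). Assumed names: hosts pattern,
# test_domain, live_dir, caddy_root_ca, min_validity.
# Paths are the ones shown in this README.
- hosts: all
  become: true
  vars:
    test_domain: tilastot.kirjastot.fi.local
    live_dir: "/etc/letsencrypt/live/{{ test_domain }}"
    caddy_root_ca: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
    min_validity: "+24h"   # assumption: anything longer than the 12h default
  tasks:
    # openssl verify exits non-zero (failing the task) if the chain does not
    # lead back to the local root; chain.pem carries the intermediate.
    - name: Check that the certificate chains to Caddy's local root
      ansible.builtin.command:
        argv:
          - openssl
          - verify
          - "-CAfile"
          - "{{ caddy_root_ca }}"
          - "-untrusted"
          - "{{ live_dir }}/chain.pem"
          - "{{ live_dir }}/cert.pem"
      changed_when: false

    - name: Read the certificate's validity window
      community.crypto.x509_certificate_info:
        path: "{{ live_dir }}/cert.pem"
        valid_at:
          min_validity: "{{ min_validity }}"
      register: cert_info

    - name: Fail if the certificate expires within the threshold
      ansible.builtin.assert:
        that:
          - not cert_info.expired
          - cert_info.valid_at.min_validity
        fail_msg: >-
          {{ test_domain }} expires at {{ cert_info.not_after }};
          the ACME server may still be issuing with the 12h default lifetime.
        success_msg: "{{ test_domain }} is valid until {{ cert_info.not_after }}"
```

Run it right after the certbot task, since a certificate close to the end of a longer lifetime would also fail the threshold check.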

Dependencies

nvjacobo.caddy - Used for installing Caddy