
Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module

About two years ago I blogged about how to create and renew Let's Encrypt certificates using Ansible. Back then, the "letsencrypt" module was state of the art. This changed, and with all the Let's Encrypt API changes, the Ansible module changed quite a lot, and is now "acme_certificate". ACME stands for Automatic Certificate Management Environment, and is the idea that every step along the way of creating and renewing certificates should be automated. No more manually creating a CSR (Certificate Signing Request), sending it by mail or manually uploading it to a CA website, entering your credit card details, and at some point getting a mail back with the new signed certificate. All of this (except the credit card - you no longer need one) can be automated, and handled in a matter of seconds.

Time to write an updated blog post for the new module.

 


Webhook service with TLS and Let's Encrypt certificate

For a number of services, I need a system/service which can receive web hooks, and act when such a trigger is received.

Just a few examples:

  • GitHub can send web hooks when something changes in a repo (in any repository you administer, go to "Settings" -> "Webhooks", and add your own hook)
  • Tasker for Android can send HTTP(s) requests
  • JIRA can send web hooks when certain events occur
  • openHAB can send messages to other services

Now it would be useful to have your own receiver for web hooks, and run any task you want. There are a number of tools out there which can solve this problem. I settled on "webhook". In addition, I deploy everything using Ansible, therefore I had to write a bit of code in order to automate this process.

 


Certificate expiration date in Ansible

In one of my Ansible Playbooks I'm updating Let's Encrypt certificates. Because the Playbook is rather long, I want to make sure that Ansible is not spending cycles on a certificate which is not about to expire. Hence I wrote a small filter plugin, which receives the certificate path and the number of days the certificate must still be valid.

This plugin is used to filter out any "good" certificate which does not need to be updated.

 


Create and renew Let's Encrypt certificates using Ansible

Update: Blog post using the "acme_certificate" module can be found here.

Ansible comes with a plugin which allows you to create and renew Let's Encrypt certificates. Documentation is sparse, so I decided to post about my own Playbook.

 

 
