Skip to content

Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module

About two years ago I blogged about how to create and renew Let's Encrypt certificates using Ansible. Back then, the "letsencrypt" module was State of the Art. This changed, and with all the Let's Encrypt API changes, the Ansible module changed quite a lot, and is now "acme_certificate". ACME stands for: Automatic Certificate Management Environment, and is the idea that every step along the way of creating and renewing certificates should be automated. No more manual creation of CSR (Certificate Signing Request), sending them per mail or manually uploading them to a CA website, enter your credit card details, and at some point get a mail back with the new signed certificate. All of this (except the credit card - you no longer need one) can be automated, and handled in a matter of seconds.

Time to write an updated blog post for the new module.

 

Continue reading "Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module"
  • Twitter
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module
  • Bloglines Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module
  • Technorati Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module
  • Fark this: Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at YahooMyWeb
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at Furl.net
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at reddit.com
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at blinklist.com
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at Spurl.net
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at Simpy.com
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module at blogmarks
  • Bookmark Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca

webhook service with TLS and Let's Encrypt certificate

For a number of services, I need a system/service which can receive web hooks, and act when such a trigger is received.

Just a few examples:

  • GitHub can send web hooks when something changes in a repo (in any repository you administer, go to "Settings" -> "Webhooks", and add your own hook)
  • Tasker for Android can send HTTP(s) requests
  • JIRA can send web hooks when certain events occur
  • openHAB can send messages to other services

Now it would be useful to have your own receiver for web hooks, and run any task you want. There are a number of tools out there, which can solve this problem. I settled with "webhook". In addition, I deploy everything using Ansible, therefore I had to write a bit of code in order to automate this process.

 

Continue reading "webhook service with TLS and Let's Encrypt certificate"
  • Twitter
  • Bookmark webhook service with TLS and Let's Encrypt certificate at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg webhook service with TLS and Let's Encrypt certificate
  • Bloglines webhook service with TLS and Let's Encrypt certificate
  • Technorati webhook service with TLS and Let's Encrypt certificate
  • Fark this: webhook service with TLS and Let's Encrypt certificate
  • Bookmark webhook service with TLS and Let's Encrypt certificate at YahooMyWeb
  • Bookmark webhook service with TLS and Let's Encrypt certificate at Furl.net
  • Bookmark webhook service with TLS and Let's Encrypt certificate at reddit.com
  • Bookmark webhook service with TLS and Let's Encrypt certificate at blinklist.com
  • Bookmark webhook service with TLS and Let's Encrypt certificate at Spurl.net
  • Bookmark webhook service with TLS and Let's Encrypt certificate at Simpy.com
  • Bookmark webhook service with TLS and Let's Encrypt certificate at blogmarks
  • Bookmark webhook service with TLS and Let's Encrypt certificate with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca

Certificate expiration date in Ansible

In one of my Ansible Playbooks I'm updating Let's Encrypt certificates. Because the Playbook is rather long, I want to make sure that Ansible is not spending cycles on a certificate which is not about to expire. Hence I wrote a small filter plugin, which receives the certificate path and the number of days the certificate must be still valid.

This plugin is used to filter out any "good" certificate which does not need to be updated.

 

Continue reading "Certificate expiration date in Ansible"
  • Twitter
  • Bookmark Certificate expiration date in Ansible at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Certificate expiration date in Ansible
  • Bloglines Certificate expiration date in Ansible
  • Technorati Certificate expiration date in Ansible
  • Fark this: Certificate expiration date in Ansible
  • Bookmark Certificate expiration date in Ansible at YahooMyWeb
  • Bookmark Certificate expiration date in Ansible at Furl.net
  • Bookmark Certificate expiration date in Ansible at reddit.com
  • Bookmark Certificate expiration date in Ansible at blinklist.com
  • Bookmark Certificate expiration date in Ansible at Spurl.net
  • Bookmark Certificate expiration date in Ansible at Simpy.com
  • Bookmark Certificate expiration date in Ansible at blogmarks
  • Bookmark Certificate expiration date in Ansible with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca

Create and renew Let's Encrypt certificats using Ansible

Update: Blog post using the "acme_certificate" module can be found here.

Ansible comes with a plugin which allows to create and renew Let's Encrypt certificates. Documentation is sparse, so I decided to post about my own Playbook.

 

 

Continue reading "Create and renew Let's Encrypt certificats using Ansible"
  • Twitter
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Create and renew Let's Encrypt certificats using Ansible
  • Bloglines Create and renew Let's Encrypt certificats using Ansible
  • Technorati Create and renew Let's Encrypt certificats using Ansible
  • Fark this: Create and renew Let's Encrypt certificats using Ansible
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at YahooMyWeb
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at Furl.net
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at reddit.com
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at blinklist.com
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at Spurl.net
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at Simpy.com
  • Bookmark Create and renew Let's Encrypt certificats using Ansible at blogmarks
  • Bookmark Create and renew Let's Encrypt certificats using Ansible with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca