ads' corner

Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module

About two years ago I blogged about how to create and renew Let’s Encrypt certificates using Ansible. Back then, the “letsencrypt” module was state of the art. This changed, and with all the Let’s Encrypt API changes, the Ansible module changed quite a lot, and is now “acme_certificate”. ACME stands for Automatic Certificate Management Environment, and is the idea that every step along the way of creating and renewing certificates should be automated. No more manually creating a CSR (Certificate Signing Request), sending it by mail or manually uploading it to a CA website, entering your credit card details, and at some point getting a mail back with the new signed certificate. All of this (except the credit card - you no longer need one) can be automated, and handled in a matter of seconds.

Time to write an updated blog post for the new module.

webhook service with TLS and Let's Encrypt certificate

For a number of services, I need a system/service which can receive web hooks, and act when such a trigger is received.

Certificate expiration date in Ansible

In one of my Ansible Playbooks I’m updating Let’s Encrypt certificates. Because the Playbook is rather long, I want to make sure that Ansible is not spending cycles on a certificate which is not about to expire. Hence I wrote a small filter plugin, which receives the certificate path and the number of days the certificate must still be valid.

This plugin is used to filter out any “good” certificate which does not need to be updated.

Create and renew Let's Encrypt certificates using Ansible

Update: Blog post using the acme_certificate module can be found here.

Ansible comes with a plugin which allows you to create and renew Let’s Encrypt certificates. Documentation is sparse, so I decided to post about my own Playbook.