ads' corner

Create and renew Let's Encrypt certificates using Ansible - and the acme_certificate module

About two years ago I blogged about how to create and renew Let’s Encrypt certificates using Ansible. Back then, the “letsencrypt” module was State of the Art. This changed, and with all the Let’s Encrypt API changes, the Ansible module changed quite a lot, and is now “acme_certificate”. ACME stands for: Automatic Certificate Management Environment, and is the idea that every step along the way of creating and renewing certificates should be automated. No more manual creation of CSR (Certificate Signing Request), sending them per mail or manually uploading them to a CA website, enter your credit card details, and at some point get a mail back with the new signed certificate. All of this (except the credit card - you no longer need one) can be automated, and handled in a matter of seconds.

Time to write an updated blog post for the new module.


Create and renew Let's Encrypt certificates using Ansible

Update: Blog post using the acme_certificate module can be found here.

Ansible comes with a plugin which allows to create and renew Let’s Encrypt certificates. Documentation is sparse, so I decided to post about my own Playbook.