On May 19, Jan Kowalsky wrote:
> since there are some references for acme and letsencrypt in the debops
> roles pki and nginx I was wondering if debops actually supports the
> generation of letsencrypt certificates (e.g. through an nginx_server role).
> If yes: can somebody point me in the right direction?
> Sorry, I can't make head or tail of the documentation on this point.

Yes, Let's Encrypt is supported by DebOps, although it's limited - only
http-01 authentication, so no wildcard certificates.

You can find the details in the documentation here:
https://docs.debops.org/en/master/ansible/roles/pki/acme-integration.html

Basically, if a host has a public IP address and a DNS domain points to it,
you should be able to get the ACME certificates by applying the 'nginx' and
'pki' roles, in that order. For the 'pki' role, you need to configure a PKI
realm with a desired domain - for example if you want the ACME certificate to
be the same as the host's FQDN, you can put in the inventory:

#v+
---
pki_realms:
- name: '{{ ansible_fqdn }}'
#v-

This will create the new PKI realm, and if the 'nginx' role was applied on the
host, the 'pki' role will attempt to get the Let's Encrypt certificate for it.
You can see the result in the '/etc/pki/realms/<fqdn>/acme/' directory. If
something doesn't work, check what happened in the 'acme/error.log' file, fix
the issue, remove the entire realm (easiest) and re-run the 'pki' role.

Good luck,
Maciej
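
Added example, not part of the original message and not DebOps code: a preflight check for the precondition described above (the host has a public IP address and the domain points to it), to run before applying the 'pki' role. The function names are hypothetical, and the addresses in the usage comment are stand-ins (documentation ranges such as 192.0.2.0/24 are deliberately classified as non-global, so they cannot be used here).

```python
import ipaddress
import socket


def resolve(domain):
    """Return the set of A/AAAA addresses for a domain (needs working DNS)."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def http01_preflight(domain_addrs, host_addrs):
    """Return reasons http-01 validation is likely to fail; empty list = OK.

    domain_addrs: addresses the realm's domain resolves to
    host_addrs:   addresses configured on the host itself
    """
    resolved = {ipaddress.ip_address(a) for a in domain_addrs}
    local = {ipaddress.ip_address(a) for a in host_addrs}
    problems = []
    if not resolved:
        problems.append("domain does not resolve")
    if not any(a.is_global for a in local):
        problems.append("host has no public IP address")
    # Every record has to lead to this host: the CA may pick any of them,
    # and a stale AAAA record is a common cause of http-01 failures.
    for addr in sorted(resolved, key=str):
        if not addr.is_global:
            problems.append(f"{addr}: not publicly routable")
        elif addr not in local:
            problems.append(f"{addr}: DNS points to another host")
    return problems


# Usage on the host (stand-in host address):
#   http01_preflight(resolve(socket.getfqdn()), {"8.8.8.8"})
```

An empty result only means the precondition holds; if the realm still has no certificate, 'acme/error.log' in the realm directory remains the place to look.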