Install Let's Encrypt Certbot Docker Compose project. Uses Certbot container with Gandi LiveDNS authentication plugin.
defaults Init certbot_docker role 2024-11-09 18:05:55 +01:00
meta Init certbot_docker role 2024-11-09 18:05:55 +01:00
tasks Use docker_compose_cmd 2025-11-24 14:57:53 +01:00
templates Use role-relative path in template header 2025-04-08 01:03:30 +02:00
vars Init certbot_docker role 2024-11-09 18:05:55 +01:00
.ansible-lint Init certbot_docker role 2024-11-09 18:05:55 +01:00
.ansible-lint-ignore Init certbot_docker role 2024-11-09 18:05:55 +01:00
LICENSE Init certbot_docker role 2024-11-09 18:05:55 +01:00
README.md Pre-build image 2025-04-06 15:16:05 +02:00

Ansible Role: Certbot-docker

Install Let's Encrypt Certbot Docker Compose project.

Uses Certbot container with Gandi LiveDNS authentication plugin.

Requirements

Requires the following to be installed:

  • docker
  • docker compose

Role Variables

Common Docker projects variables:

# Base directory for Docker projects
docker_projects_path: # /var/apps

Available role variables are listed below, along with default values (see defaults/main.yml):

# Docker project variables

certbot_project_name: letsencrypt


# Let's Encrypt project variables

# Certbot default authenticator (webroot | dns-gandi)
certbot_authenticator: webroot

# Email used for registration and recovery contact
certbot_email: you@example.net

# Certificates
letsencrypt_certs: []
#  - name: 'default.net'
#    domains:
#      - 'default.net'
#
#  - name: 'example.net'
#    domains:
#      - 'example.net'
#      - 'www.example.net'
#    authenticator: dns-gandi
#    gandi_key_name: key1

# Gandi access tokens
certbot_gandi_access_tokens: []
#  # single / default key
#  - xxxxxxxx-xxxxxxxx
#
#  # multiple keys
#  - { name: key1, key: xxxxxxxx-xxxxxxxy }
#  - { name: key2, key: xxxxxxxx-xxxxxxxz }

# Number of seconds to wait for DNS propagation
dns_gandi_propagation_seconds: 30

Run options variables:

dry_run: false

Dependencies

This role depends on:

Example Playbook

Install Let's Encrypt

- hosts: all
  gather_facts: true
  gather_subset:
    - "!all"
    - "!min"
    - user_id

  roles:
    - djuuu.certbot_docker

ansible-playbook install-certbot.yml -e build=true

Generate certificate

- hosts: server
  gather_facts: true
  gather_subset:
    - "!all"
    - "!min"
    - user_id

  tasks:
    - name: Generate certificates
      ansible.builtin.include_role:
        name: djuuu.certbot_docker
        tasks_from: certonly
      loop: "{{ letsencrypt_certs }}"
      loop_control:
        loop_var: cert
      tags: [always]

Certificate names can be used as tags:

ansible-playbook generate-certificates.yml -e dry_run=true -t mydomain.net
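
An added example (not part of this role or its README): the role variables above supplied without plaintext Gandi tokens, followed by a pre-flight playbook that checks every gandi_key_name against the named entries in certbot_gandi_access_tokens. The vault_gandi_key1 variable, the file names and the group_vars layout are assumptions.

```yaml
# File 1: group_vars/server/vars.yml (constructed; layout is an assumption)
certbot_email: admin@example.net
letsencrypt_certs:
  - name: 'example.net'
    domains:
      - 'example.net'
      - 'www.example.net'
    authenticator: dns-gandi
    gandi_key_name: key1

# The token value is read from a vault-encrypted variable instead of plaintext.
# vault_gandi_key1 is a hypothetical name, defined in
# group_vars/server/vault.yml and encrypted with:
#   ansible-vault encrypt group_vars/server/vault.yml
certbot_gandi_access_tokens:
  - { name: key1, key: "{{ vault_gandi_key1 }}" }
---
# File 2: precheck.yml (constructed playbook, run before generating certificates)
- hosts: server
  gather_facts: false
  tasks:
    - name: Check that each gandi_key_name refers to a named access token
      ansible.builtin.assert:
        that:
          - cert.gandi_key_name in token_names
        fail_msg: "{{ cert.name }}: no access token named '{{ cert.gandi_key_name }}'"
        quiet: true
      vars:
        # Only dict entries carry a name; bare-string (default) tokens are skipped.
        token_names: >-
          {{ certbot_gandi_access_tokens | select('mapping')
             | map(attribute='name') | list }}
      loop: "{{ letsencrypt_certs | selectattr('gandi_key_name', 'defined') | list }}"
      loop_control:
        loop_var: cert
        # Label by certificate name so loop output never includes token values.
        label: "{{ cert.name }}"
```

Run the check with `ansible-playbook precheck.yml --ask-vault-pass` so the vault-encrypted variables can be decrypted.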

License

Beerware License