Sys-ctl-mtn-cert-renew Role

Description: No description available

Variables

• author: Kevin Veen-Birkenbach

• description: Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

• license: Infinito.Nexus NonCommercial License

• license_url: https://s.infinito.nexus/license

• company: Kevin Veen-Birkenbach

Consulting & Coaching Solutions https://www.veen.world

• min_ansible_version: 2.9

• platforms: [{‘name’: ‘Archlinux’, ‘versions’: [‘rolling’]}]

• galaxy_tags: [‘nginx’, ‘certbot’, ‘ssl’, ‘tls’, ‘letsencrypt’, ‘https’, ‘systemd’, ‘automation’]

• repository: https://s.infinito.nexus/code

• issue_tracker_url: https://s.infinito.nexus/issues

• documentation: https://docs.infinito.nexus

README

Nginx Certbot Automation

🔥 Description

This role automates the setup of an automatic Let’s Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.

📖 Overview

Optimized for Archlinux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.

Key Features

• Automatic Renewal: Schedules unattended certificate renewals using sys-timers.

• Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.

• Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.

• Quiet and Safe Operation: Uses --quiet and --agree-tos flags to ensure non-interactive renewals.

🎯 Purpose

The Nginx Certbot Automation role ensures that Let’s Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.

🚀 Features

• Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.

• Custom Systemd Service: Configures a lightweight, dedicated renewal service.

• Timer Setup: Uses sys-timer to run certbot renewals periodically.

• Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.

🔗 Learn More

• Certbot Official Website

• Let’s Encrypt

• Systemd (Wikipedia)

• HTTPS (Wikipedia)