Sys-svc-certs Role

Description: No description available

Variables

• author: Kevin Veen-Birkenbach

• description: Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

• license: Infinito.Nexus NonCommercial License

• license_url: https://s.infinito.nexus/license

• company: Kevin Veen-Birkenbach

Consulting & Coaching Solutions https://www.veen.world

• min_ansible_version: 2.9

• platforms: [{‘name’: ‘Archlinux’, ‘versions’: [‘rolling’]}]

• galaxy_tags: [‘nginx’, ‘certbot’, ‘letsencrypt’, ‘ssl’, ‘tls’, ‘acme’, ‘https’, ‘wildcard’, ‘automation’]

• repository: https://s.infinito.nexus/code

• issue_tracker_url: https://s.infinito.nexus/issues

• documentation: https://docs.infinito.nexus

README

Nginx HTTPS Certificate Retrieval

🔥 Description

This role automates the retrieval of Let’s Encrypt SSL/TLS certificates using Certbot for domains served via Nginx. It supports both single-domain and wildcard certificates, and can use either the DNS or webroot ACME challenge methods.

📖 Overview

Designed for Archlinux systems, this role handles issuing certificates per domain and optionally cleans up redundant certificates if wildcard certificates are used. It intelligently decides whether to issue a standard or wildcard certificate based on the domain structure and your configuration.

Key Features

• Single Domain and Wildcard Support: Handles both individual domains and wildcard domains (*.example.com).

• DNS and Webroot Challenges: Dynamically selects the correct ACME challenge method.

• Certificate Renewal Logic: Skips renewal if the certificate is still valid.

• Optional Cleanup: Deletes redundant domain certificates when wildcard certificates are used.

• Non-Interactive Operation: Fully automated using --non-interactive and --agree-tos.

🎯 Purpose

The Nginx HTTPS Certificate Retrieval role ensures that your Nginx-served domains have valid, automatically issued SSL/TLS certificates, improving web security without manual intervention.

🚀 Features

• ACME Challenge Selection: Supports DNS plugins or webroot method automatically.

• Wildcard Certificate Management: Issues wildcard certificates when configured, saving effort for subdomain-heavy deployments.

• Safe Cleanup: Ensures that no unused certificates are left behind.

• Flexible Control: Supports MODE_TEST for staging environment testing and MODE_CLEANUP for cert cleanup operations.

🔗 Learn More

• Certbot Official Website

• Let’s Encrypt

• Wildcard Certificates (Wikipedia)

• HTTPS (Wikipedia)

• ACME Protocol (Wikipedia)