fedora-infra_ansible/roles/certbot
Ricky Elrod 96fd17fb78 first attempt at certbot role
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
2016-06-29 14:53:50 +00:00

First go at a certbot/letsencrypt role for Fedora Infra

To use it:

1) Include the role in your playbook. This will install certbot and put a
   tiny bit of Apache config in place, along with a monthly cron to attempt to
   renew certificates.
2) Add the following lines to your Apache virtual host:

  RewriteEngine on
  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]

3) ssh to the relevant box

  # TODO: Fix selinux stuff - the cron won't work until it's fixed either.
  service httpd graceful
  setenforce 0
  certbot certonly --manual-public-ip-logging-ok --webroot -w \
    /srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org
  setenforce 1
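
The commands in the final step, wrapped so that SELinux returns to its previous mode even when certbot exits with an error. This is an added example, not part of the role; the function name issue_cert and the WEBROOT variable are hypothetical, while the commands and flags are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of the role. issue_cert is a hypothetical name.

WEBROOT=/srv/web/acme-challenge/

issue_cert() {
    ic_domain=$1
    if [ -z "$ic_domain" ]; then
        echo "usage: issue_cert YOURINSTANCE.fedorainfracloud.org" >&2
        return 2
    fi

    # Remember the current mode: Enforcing, Permissive or Disabled.
    ic_prev=$(getenforce) || return 1

    service httpd graceful || return 1

    # Only drop to permissive if the host was enforcing to begin with.
    if [ "$ic_prev" = "Enforcing" ]; then
        setenforce 0 || return 1
    fi

    # Capture certbot's exit status instead of stopping here, so the
    # restore below always runs.
    ic_rc=0
    certbot certonly --manual-public-ip-logging-ok --webroot \
        -w "$WEBROOT" -d "$ic_domain" || ic_rc=$?

    if [ "$ic_prev" = "Enforcing" ]; then
        # A failed restore matters more than a failed request: report it.
        if ! setenforce 1; then
            echo "WARNING: SELinux left in permissive mode" >&2
            return 1
        fi
    fi
    return "$ic_rc"
}

# Run only when a domain is given on the command line.
if [ "$#" -gt 0 ]; then
    issue_cert "$1"
fi
```

The function returns certbot's own exit status, so a caller can tell a failed request apart from a failed SELinux restore (which returns 1 with a warning on stderr).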