kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 18:29:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b91ddeac2329c1816c22781aea56a288da6b143
computer-playbook/roles/sys-svc-letsencrypt/README.md

24 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Lets Encrypt SSL for Nginx 🔐
## Description
Automates obtaining, configuring, and renewing Lets Encrypt SSL certificates for Nginx with Certbot. Keeps your sites secure with minimal fuss! 🌐
## Overview
This Ansible role sets up the necessary Nginx configuration and Certbot integration to:
- Redirect HTTP traffic to HTTPS
- Serve the ACME challenge for certificate issuance
- Apply strong SSL/TLS defaults
- Schedule automatic renewals
Its idempotent: configuration and certificate tasks only run when needed. ✅
## Purpose
Ensure all your Nginx-hosted sites use free, trusted SSL certificates from Lets Encrypt—all managed automatically via Ansible. 🎯
## Features
- **Automatic Certificate Issuance**: Uses Certbots webroot plugin to request and install certificates. 📜
- **Nginx Redirect**: Creates a temporary HTTP → HTTPS redirect block. ↪️
- **ACMEChallenge Handling**: Configures `/.well-known/acme-challenge/` for Certbot validation. 🔍
- **Secure SSL Defaults**: Includes modern cipher suites, HSTS, OCSP stapling, and session settings. 🔒
- **AutoRenewal**: Leverages system scheduling (cron or systemd timer) to renew certs before expiration. 🔄
- **OneTime Setup**: Tasks guarded by a “run once” fact to avoid re-applying unchanged templates. 🏃‍♂️
Reference in New Issue View Git Blame Copy Permalink