kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-31 07:48:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2aed0f97d2aa294a3054faba814ff1edcef948ac
computer-playbook/roles/sys-svc-certs
History
Kevin Veen-Birkenbach f36c7831b1 Implement dynamic TimeoutStartSec filter for domains and update roles 
- Added new filter plugin 'timeout_start_sec_for_domains' to calculate TimeoutStartSec based on number of domains.
- Updated sys-ctl-hlth-csp and sys-ctl-hlth-webserver tasks to use the filter.
- Removed obsolete systemctl.service.j2 in sys-ctl-hlth-csp.
- Adjusted variable naming (CURRENT_PLAY_DOMAINS_ALL etc.) in multiple roles.
- Updated srv-letsencrypt and sys-svc-certs to use uppercase vars.
- Switched pretix role to sys-stk-full-stateful and removed leftover javascript.js.
- Added unittests for the new filter under tests/unit/filter_plugins.

See conversation: https://chatgpt.com/share/68b1ae9a-1ac0-800f-b49d-2915386a1a23
2025-08-29 15:44:31 +02:00
..
meta
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00
tasks
Implement dynamic TimeoutStartSec filter for domains and update roles
2025-08-29 15:44:31 +02:00
README.md
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00

README.md

Nginx HTTPS Certificate Retrieval

🔥 Description

This role automates the retrieval of Let's Encrypt SSL/TLS certificates using Certbot for domains served via Nginx. It supports both single-domain and wildcard certificates, and can use either the DNS or webroot ACME challenge methods.

📖 Overview

Designed for Archlinux systems, this role handles issuing certificates per domain and optionally cleans up redundant certificates if wildcard certificates are used. It intelligently decides whether to issue a standard or wildcard certificate based on the domain structure and your configuration.

Key Features

  • Single Domain and Wildcard Support: Handles both individual domains and wildcard domains (*.example.com).
  • DNS and Webroot Challenges: Dynamically selects the correct ACME challenge method.
  • Certificate Renewal Logic: Skips renewal if the certificate is still valid.
  • Optional Cleanup: Deletes redundant domain certificates when wildcard certificates are used.
  • Non-Interactive Operation: Fully automated using --non-interactive and --agree-tos.

🎯 Purpose

The Nginx HTTPS Certificate Retrieval role ensures that your Nginx-served domains have valid, automatically issued SSL/TLS certificates, improving web security without manual intervention.

🚀 Features

  • ACME Challenge Selection: Supports DNS plugins or webroot method automatically.
  • Wildcard Certificate Management: Issues wildcard certificates when configured, saving effort for subdomain-heavy deployments.
  • Safe Cleanup: Ensures that no unused certificates are left behind.
  • Flexible Control: Supports MODE_TEST for staging environment testing and MODE_CLEANUP for cert cleanup operations.

🔗 Learn More