Certbot Reaper
Description
This Ansible role automates the process of detecting, revoking, and deleting unused Let's Encrypt certificates. It leverages the certreap tool to identify which certificates are no longer referenced by any active NGINX configuration and removes them accordingly.
Overview
Optimized for Archlinux, this role installs the certificate cleanup tool, configures a systemd service, and sets up an optional recurring systemd timer for automatic cleanup. It integrates with dependent roles for timer scheduling and system notifications.
Purpose
Certbot Reaper helps you maintain a clean and secure server environment by regularly removing obsolete SSL certificates. This prevents unnecessary renewal attempts, clutter, and potential security risks from stale certificates.
Features
- Certificate Cleanup Tool Installation: Installs certreapusing pkgmgr
- Systemd Service Configuration: Deploys and manages cleanup-certs.cymais.service
- Systemd Timer Scheduling: Optional timer via the systemd-timerrole
- Smart Execution Logic: Ensures idempotent configuration using a run_onceflag
License
This role is licensed under the CyMaIS NonCommercial License (CNCL).
Commercial use is not permitted without explicit permission.