This collection manages ACME certificates.

• Ansible >= 2.9
• Python >= 3 (if you want to use http-challenge via S3)

These modules are distributed as collections. To install them, run:

ansible-galaxy collection install telekom_mms.acme

Alternatively put the collection into a requirements.yml-file:

---
collections:
- telekom_mms.acme

Role acme for issuing certificates from a certificate authority which implements the ACME protocol. Please see documentation for variables, usage and further information for all the different providers.

We automatically test key-creation and csr-creation, the local http-provider and test the challenge with the local pebble provider.

Automatically testing the various dns-challenge providers is hard, because we'd need to maintain accounts and zones on them (and pay for them). We'd also need to store credentials in CI which is a security risk.

Here we list ways to manually test the dns-providers if you have access:

• Hetzner

ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-hetzner.yml -e acme_hetzner_auth_token=YOUR_AUTH_TOKEN -e hetzner_domain_name="example.com" -e hetzner_zone="example.com"

• Domain-Offensive

ansible-playbook tests/integration/targets/acme_letsencrypt/dns-challenge-domain-offensive.yml -e acme_dns_password=YOUR_DO_AUTH_TOKEN -e domain_offensive_zone="example.com" -e domain_offensive_domain_name="example.com"

GPLv3

• Sebastian Gumprich
• Andreas Hering