Class: Ansible::Ruby::Modules::Acme_certificate
- Inherits: Base
  - Object
  - Ansible::Ruby::Models::Base
  - Base
  - Ansible::Ruby::Modules::Acme_certificate
- Defined in:
  - lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb
  - lib/ansible/ruby/modules/generated/crypto/acme/acme_certificate.rb
Overview
Create and renew SSL/TLS certificates with a CA supporting the ACME protocol (tools.ietf.org/html/draft-ietf-acme-acme-14), such as Let’s Encrypt (letsencrypt.org/). The current implementation supports the http-01, dns-01 and tls-alpn-01 challenges.

To use this module, it has to be executed twice, either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument data.

Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For http-01 that means creating the necessary challenge file on the destination webserver. For dns-01 the necessary DNS record has to be created. For tls-alpn-01 the necessary certificate has to be created and served. It is not the responsibility of this module to perform these steps.

For details on how to fulfill these challenges, you might have to read through the main ACME specification (tools.ietf.org/html/draft-ietf-acme-acme-14#section-8) and the TLS-ALPN-01 specification (tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-3). Also, consider the examples provided for this module.
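The two-run flow described above for http-01, written as plain Ansible playbook YAML. This is an added example, not code from this page or from the ansible-ruby project. The host group, the domain sample.com, all file paths and the account_key_src option are assumptions not listed on this page; the challenge_data result keys follow the upstream acme_certificate module.

```yaml
# Constructed example: sample.com, the host group and every path are placeholders.
- hosts: webserver
  tasks:
    - name: "Run 1: start the order and obtain the http-01 challenge"
      acme_certificate:
        # The account key must not be the key that was used to create the CSR.
        account_key_src: /etc/pki/cert/private/account.key
        csr: /etc/pki/cert/csr/sample.com.csr
        dest: /etc/httpd/ssl/sample.com.crt
        challenge: http-01
        acme_version: 2
        # Let's Encrypt staging endpoint; switch to production once the flow works.
        acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
        terms_agreed: yes
      register: sample_com_challenge

    # The module does not fulfil the challenge itself. The target directory
    # (.well-known/acme-challenge under the web root) must already exist.
    - name: Publish the challenge file on the web server
      copy:
        dest: "/var/www/html/{{ sample_com_challenge['challenge_data']['sample.com']['http-01']['resource'] }}"
        content: "{{ sample_com_challenge['challenge_data']['sample.com']['http-01']['resource_value'] }}"
      when: sample_com_challenge is changed

    - name: "Run 2: validate the challenge and write the certificate files"
      acme_certificate:
        account_key_src: /etc/pki/cert/private/account.key
        csr: /etc/pki/cert/csr/sample.com.csr
        dest: /etc/httpd/ssl/sample.com.crt
        fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
        chain_dest: /etc/httpd/ssl/sample.com-intermediate.crt
        challenge: http-01
        acme_version: 2
        acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
        terms_agreed: yes
        # Output of run 1, passed back as the data argument.
        data: "{{ sample_com_challenge }}"
        # Do not leave reusable authz objects bound to the account key.
        deactivate_authzs: yes
```

With deactivate_authzs enabled, a later issuance for the same name has to complete a fresh challenge instead of reusing an authorization that is still valid.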
Instance Method Summary
- #account_email ⇒ String?
  The email address associated with this account. It will be used for certificate expiration warnings. Note that when modify_account is not set to no and you also used the acme_account module to specify more than one contact for your account, this module will update your account and restrict it to the (at most one) contact email address specified here.
- #agreement ⇒ Object?
  URI to a terms of service document you agree to when using the ACME v1 service at acme_directory. Default is latest gathered from acme_directory URL. This option will only be used when acme_version is 1.
- #chain_dest ⇒ String?
  If specified, the intermediate certificate will be written to this file.
- #challenge ⇒ :"http-01", ...
  The challenge to be performed.
- #csr ⇒ String
  File containing the CSR for the new certificate. Can be created with openssl req …. The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed. Note: the private key used to create the CSR must not be the account key.
- #data ⇒ String?
  The data to validate ongoing challenges.
- #deactivate_authzs ⇒ :yes, ...
  Deactivate authentication objects (authz) after issuing a certificate, or when issuing the certificate failed. Authentication objects are bound to an account key and remain valid for a certain amount of time, and can be used to issue certificates without having to re-authenticate the domain.
- #dest ⇒ String?
  The destination file for the certificate. Required if fullchain_dest is not specified.
- #force ⇒ :yes, ...
  Enforces the execution of the challenge and validation, even if an existing certificate is still valid for more than remaining_days. This is especially helpful when having an updated CSR e.g.
- #fullchain_dest ⇒ String?
  The destination file for the full chain (i.e. certificate followed by chain of intermediate certificates). Required if dest is not specified.
- #modify_account ⇒ :yes, ...
  Boolean indicating whether the module should create the account if necessary, and update its contact data. Set to no if you want to use the acme_account module to manage your account instead, and to avoid accidental creation of a new account using an old key if you changed the account key with acme_account. If set to no, terms_agreed and account_email are ignored.
- #remaining_days ⇒ Integer?
  The number of days the certificate must have left being valid.
- #terms_agreed ⇒ :yes, ...
  Boolean indicating whether you agree to the terms of service document. ACME servers can require this to be true. This option will only be used when acme_version is not 1.
Methods inherited from Base
Methods inherited from Ansible::Ruby::Models::Base
attr_option, attr_options, attribute, fix_inclusion, #initialize, remove_existing_validations, #to_h, validates
Constructor Details
This class inherits a constructor from Ansible::Ruby::Models::Base
Instance Method Details
#account_email ⇒ String?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 15
attribute :account_email

#agreement ⇒ Object?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 19
attribute :agreement

#chain_dest ⇒ String?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 50
attribute :chain_dest

#challenge ⇒ :"http-01", ...
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 30
attribute :challenge

#csr ⇒ String
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 34
attribute :csr

#data ⇒ String?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 38
attribute :data

#deactivate_authzs ⇒ :yes, ...
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 58
attribute :deactivate_authzs

#dest ⇒ String?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 42
attribute :dest

#force ⇒ :yes, ...
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 62
attribute :force

#fullchain_dest ⇒ String?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 46
attribute :fullchain_dest

#modify_account ⇒ :yes, ...
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 26
attribute :modify_account

#remaining_days ⇒ Integer?
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 54
attribute :remaining_days

#terms_agreed ⇒ :yes, ...
# File 'lib/ansible/ruby/modules/generated/crypto/acme/letsencrypt.rb', line 22
attribute :terms_agreed