Generate letsencrypt certificates

This must run after the ``letsencrypt-install-acme-sh``,
``letsencrypt-request-certs`` and ``letsencrypt-install-txt-records``
roles. It will run the ``acme.sh`` process to create the certificates
on the host.

**Role Variables**

.. zuul:rolevar:: letsencrypt_self_sign_only
   :default: False

   If set to ``True``, locally generates self-signed certificates in
   the same locations the real script would, instead of contacting
   letsencrypt. This is set during gate testing as the
   authentication tokens are not available.

.. zuul:rolevar:: letsencrypt_self_generate_tokens
   :default: False

   When set to ``True``, self-generate fake DNS-01 TXT tokens rather
   than acquiring them through the ACME process with letsencrypt.
   This avoids leaving "half-open" challenges during gate testing,
   where we have no way to publish the DNS TXT records letsencrypt
   gives us to complete the certificate issuance. This should be
   ``True`` if ``letsencrypt_self_sign_only`` is ``True`` (unless you
   wish to specifically test the ``acme.sh`` operation).

.. zuul:rolevar:: letsencrypt_use_staging
   :default: False

   If set to ``True``, uses the letsencrypt staging environment rather
   than making production requests. Useful during initial provisioning
   of hosts to avoid affecting production quotas.

.. zuul:rolevar:: letsencrypt_certs

   The same variable as described in ``letsencrypt-request-certs``.

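Because ``letsencrypt_self_sign_only`` writes self-signed certificates to the same locations as real ones, and ``letsencrypt_use_staging`` yields certificates from a non-production issuer, a post-deploy check can tell the three cases apart. The following is an added example, not part of this role: the function names, the ``(STAGING)`` issuer-name match and the constructed sample certificates are assumptions of the example.

```shell
# Added example (not part of the role). Classifies a deployed certificate so a
# post-deploy check can reject output of the role's test-only modes.

# Print "self-signed", "staging" or "other" for the PEM certificate at $1.
classify_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    subject=${subject#subject=}
    issuer=${issuer#issuer=}
    # Subject equal to issuer means self-issued, which is what a locally
    # generated self-signed certificate looks like. The signature is not checked.
    if [ "$subject" = "$issuer" ]; then
        echo self-signed
        return 0
    fi
    # Assumption: staging issuers carry "(STAGING)" in their name.
    case $issuer in
        *"(STAGING)"*) echo staging ;;
        *) echo other ;;
    esac
}

# Exit status 0 only when the certificate is neither self-signed nor staging.
is_production_candidate() {
    [ "$(classify_cert "$1")" = other ]
}

# Build constructed sample certificates in directory $1 (test data only).
make_sample_certs() {
    d=$1
    # Self-signed leaf, as letsencrypt_self_sign_only would leave behind.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null || return 1
    # Two constructed CAs, one named like a staging issuer, each signing a leaf.
    for ca in staging other; do
        name="Constructed CA"
        if [ "$ca" = staging ]; then name="(STAGING) Constructed CA"; fi
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null || return 1
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
            -keyout "$d/$ca.key" -out "$d/$ca.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$ca.csr" -CA "$d/$ca-ca.pem" \
            -CAkey "$d/$ca-ca.key" -CAcreateserial -days 1 \
            -out "$d/$ca.pem" 2>/dev/null || return 1
    done
}
```

Run ``is_production_candidate`` against each deployed certificate path on hosts where both ``letsencrypt_self_sign_only`` and ``letsencrypt_use_staging`` are ``False``; a non-zero exit status means a test-mode certificate is in place.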