author: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-14 02:38:27 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-14 02:57:10 +0200
commit: dc4dc69b820b1c598eb5de0b26d2e43fb9dc59f8
tree: 2970320489b01eb07ca2004537f6e0d19322c899 /roles/letsencrypt
parent: v0.0.11
add a bunch of READMEs for roles
Diffstat (limited to 'roles/letsencrypt')
-rw-r--r-- roles/letsencrypt/README.md 15
1 files changed, 15 insertions, 0 deletions
diff --git a/roles/letsencrypt/README.md b/roles/letsencrypt/README.md
new file mode 100644
index 0000000..50ca0f6
--- /dev/null
+++ b/roles/letsencrypt/README.md
@@ -0,0 +1,15 @@
+This role installs certbot and requests certificates from Let's Encrypt.
+
+It uses the [DNS-01 challenge type] instead of the usual thing where it puts
+a file in your web server's root directory. That way, you don't need to launch
+the web server at all to obtain the certificates; most often, the configured
+web server would fail to start at all at first launch since the certificates
+are missing.
+
+[DNS-01 challenge type]: https://letsencrypt.org/docs/challenge-types/
+
+Using the DNS challenge, the certificates are obtained before starting the web
+server for the first time, which avoids tinkering with its configuration. It
+does come with some downsides: namely, this role explicitly uses certbot's
+DigitalOcean plugin, (because I use DO for my domains); and the access token is
+stored in a .ini file in /root.
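Review bot: the closing sentence, "the access token is stored in a .ini file in /root", names the credential's location but says nothing about how it is protected or what it can do. A token that can edit DNS records can satisfy DNS-01 for every domain it covers, so the README should give the exact file path, state whether the role creates the file owned by root with mode 0600, and say which token scope is required so that users do not hand it a broader token than needed. It would also help to mention how the token reaches the role (which variable, and that it belongs in a vault rather than in plain inventory). Two smaller points: "the usual thing where it puts a file in your web server's root directory" could name the HTTP-01 challenge, which the linked page describes, and the comma before the parenthesis in "DigitalOcean plugin, (because I use DO for my domains)" should go.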