Diffstat (limited to 'roles/letsencrypt')
-rw-r--r-- roles/letsencrypt/README.md 15
1 files changed, 15 insertions, 0 deletions
diff --git a/roles/letsencrypt/README.md b/roles/letsencrypt/README.md
new file mode 100644
index 0000000..50ca0f6
--- /dev/null
+++ b/roles/letsencrypt/README.md
@@ -0,0 +1,15 @@
+This role installs certbot and requests certificates from Let's Encrypt.
+
+It uses the [DNS-01 challenge type] instead of the usual thing where it puts
+a file in your web server's root directory. That way, you don't need to launch
+the web server at all to obtain the certificates; most often, the configured
+web server would fail to start at all at first launch since the certificates
+are missing.
+
+[DNS-01 challenge type]: https://letsencrypt.org/docs/challenge-types/
+
+Using the DNS challenge, the certificates are obtained before starting the web
+server for the first time, which avoids tinkering with its configuration. It
+does come with some downsides: namely, this role explicitly uses certbot's
+DigitalOcean plugin, (because I use DO for my domains); and the access token is
+stored in a .ini file in /root.
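Review bot: The closing sentence of the README ("the access token is stored in a .ini file in /root") names the credential's location only loosely and says nothing about how the file is protected. Give the full path and state the owner and mode the role sets on it; certbot's DNS plugins warn when a credentials file is readable by other users, so 0600 owned by root is the value to document. It would also help to say how the token is supplied to the role, so readers know to keep it in an encrypted vars file rather than in the repository. Minor style point in the same paragraph: drop the comma before the parenthesis in "DigitalOcean plugin, (because".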