Razique Mahroua
2020-03-18 b85c91a8192593f6b62f93e11c971868964343a9
ansible/roles/host-lets-encrypt-certs/README.md
@@ -24,10 +24,12 @@
|*acme_aws_secret_access_key*|No| "" |AWS Secret Access Key for Route53  (Only for Wildcard Domains)
|*acme_additional_args*|No |"" |Additional arguments for the Acme script
|*acme_remote_dir*|Yes| "/root"| The directoroy on the remote host in which to install acme.sh
|*acme_install_dir*|Yes| "/root/certificates"| The directory on the remote host in which to install the requested certificates into
|*acme_cache_cert_file*|Yes| "/tmp/ssl.cert"| Local Cache File for Certificate
|*acme_cache_key_file*|Yes| "/tmp/ssl.key"|Local Cache File for Key
|*acme_cache_ca_file*|Yes| "/tmp/ssl_ca.cer"|Local Cache File for CA Certificate
|*acme_archive_file*|Yes| "/tmp/acme.tar.gz"| Local (to the host ansible is running on) cache of certificates. Prevents re-requesting certificates for later runs of the playbook when the domains haven't changed. acme.tar.gz will contain the entire .acme.sh directory so that it can be restored for future runs on new machines with the same domain names.
|*acme_cache_fullchain_file*|Yes| "/tmp/fullchain.cer"|Local Cache File for the Fullchain Certificate
|*acme_cache_archive_file*|Yes| "/tmp/acme.tar.gz"| Local (to the host ansible is running on) cache of certificates. Prevents re-requesting certificates for later runs of the playbook when the domains haven't changed. acme.tar.gz will contain the entire .acme.sh directory so that it can be restored for future runs on new machines with the same domain names.
|*acme_production*|Yes|False|Use the Production Let's Encrypt Server. Leave to False for testing runs to prevent issues with the Let's Encrypt rate limits
|*acme_renew_automatically*|Yes|False|Install a cron job to automatically renew Certificates. Checks once a day.
|*acme_force_issue*|Yes|False|Force the creation of new certificates even if there are certificates already on the host or certificates in the local cache
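Review bot: In the variable table, the defaults for acme_cache_key_file ("/tmp/ssl.key") and acme_cache_archive_file ("/tmp/acme.tar.gz") place the private key and an archive of the entire .acme.sh directory at fixed names in /tmp on the host Ansible runs on. The README should state that these files must be readable only by the user running the playbook, or the defaults should point to a directory that user owns. The table also carries both acme_archive_file and acme_cache_archive_file with the same default and the same description; if the first is the old name, say whether it is still honoured. Minor: "directoroy" in the acme_remote_dir row.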
@@ -55,9 +57,11 @@
    - acme_domain: "master.example.opentlc.com"
    - acme_production: False
    - acme_remote_dir: "/root"
    - acme_local_cache_cert_file: "/tmp/server.cert"
    - acme_local_cache_key_file: "/tmp/server.key"
    - acme_local_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_cert_file: "/tmp/server.cert"
    - acme_cache_key_file: "/tmp/server.key"
    - acme_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_fullchain_file: "/tmp/fullchain.cer"
    - acme_cache_archive_file: "/tmp/acme.tar.gz"
    - acme_renew_automatically: False
    - acme_force_issue: False
@@ -74,9 +78,11 @@
    - acme_aws_secret_access_key: "<AWS_SECRET_ACCESS_KEY>"
    - acme_production: False
    - acme_remote_dir: "/root"
    - acme_local_cache_cert_file: "/tmp/server.cert"
    - acme_local_cache_key_file: "/tmp/server.key"
    - acme_local_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_cert_file: "/tmp/server.cert"
    - acme_cache_key_file: "/tmp/server.key"
    - acme_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_fullchain_file: "/tmp/fullchain.cer"
    - acme_cache_archive_file: "/tmp/acme.tar.gz"
    - acme_renew_automatically: False
    - acme_force_issue: False
@@ -94,9 +100,11 @@
    - acme_aws_secret_access_key: "<AWS_SECRET_ACCESS_KEY>"
    - acme_production: False
    - acme_remote_dir: "/root"
    - acme_local_cache_cert_file: "/tmp/server.cert"
    - acme_local_cache_key_file: "/tmp/server.key"
    - acme_local_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_cert_file: "/tmp/server.cert"
    - acme_cache_key_file: "/tmp/server.key"
    - acme_cache_ca_file: "/tmp/server_ca.cer"
    - acme_cache_fullchain_file: "/tmp/fullchain.cer"
    - acme_cache_archive_file: "/tmp/acme.tar.gz"
    - acme_renew_automatically: False
    - acme_force_issue: False
```
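Review bot: The two new entries in this example, acme_cache_fullchain_file: "/tmp/fullchain.cer" and acme_cache_archive_file: "/tmp/acme.tar.gz", repeat the table defaults exactly, while the cert, key and CA entries override them ("/tmp/server.*" against the "/tmp/ssl.*" defaults). A reader cannot tell which of the five lines are needed. Either drop the two that only restate defaults or give them non-default values, and keep the three example blocks consistent, since the same five lines are repeated in each.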