This Ansible playbook automates the installation and configuration of Lego, a Let's Encrypt client written in Go, to obtain SSL/TLS certificates using DNS-01 challenges.
It currently supports the following DNS providers:
- Cloudflare
- ArvanCloud

- Installs Lego on the target host.
- Automates the DNS-01 ACME challenge.
- Requests and renews SSL/TLS certificates from Let's Encrypt.

- Log in to your Cloudflare account.
- Click on "Manage Account" and then choose "Account API Tokens".
- Click on "Create Token".
- Use the "Edit zone DNS" template.
- Add permissions: Zone:Edit and Zone:Read.
- Save the API token securely.

Follow ArvanCloud documentation to:
- Create a machine user with an API key.
- Create an access policy with the DNS Management permission.

- Add your first host (example below) in inventory/hosts.ini
- Create a config file by copying host_vars/example.yml
- Edit the new file with your own data.
- Run the playbook:

    ansible-playbook -i ./inventory/hosts.ini lego.yml -vvv

📂 The new certificates will be stored in ~/.lego/certificates/

Pull requests and issues are welcome!
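
A post-run check for the certificate directory named above, as an added example that is not part of this playbook: it flags private keys readable by group or others and leaf certificates that are close to expiry. It assumes Lego's usual file layout (`<domain>.crt`, `<domain>.issuer.crt`, `<domain>.key`) and that `openssl` is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the playbook's own code.
# Assumes Lego's usual layout: <domain>.crt, <domain>.issuer.crt, <domain>.key
# Usage: lego_keys_private ~/.lego/certificates && lego_certs_fresh ~/.lego/certificates 30

# Return 1 (and list the files) if any private key has group/other permission bits set.
lego_keys_private() {
    dir=$1
    loose=$(find "$dir" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "private keys accessible beyond the owner:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}

# Return 1 if any leaf certificate expires within $2 days (default 30).
lego_certs_fresh() {
    dir=$1
    days=${2:-30}
    rc=0
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue                  # unmatched glob stays literal
        case $crt in *.issuer.crt) continue ;; esac # skip the CA chain file
        # -checkend exits non-zero when the cert expires inside the window
        if ! openssl x509 -checkend "$((days * 86400))" -noout -in "$crt" >/dev/null; then
            echo "renewal due within $days days: $crt" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Run both functions from cron or a monitoring job on the target host; a non-zero exit means a key needs `chmod 600` or a renewal has not happened.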