Obtaining a wildcard LetsEncrypt cert with Ansible

Earlier this year, LetsEncrypt made their wildcard x509 certificates available to the general public. Whilst this is a massive step forward over individual certificates for each domain, it does come with the overhead of having to distribute the wildcard certificate to the (possibly many) places you would use it. Ignoring that issue for now, I wrote a quick Ansible playbook which uses the dns-01 challenge method and my Memset DNS management modules (available in Ansible 2.6+) to provide the verification.

Without further ado:

Points to note

I’ve deliberately used the staging endpoint provided by LetsEncrypt; the certs this issues won’t be valid for use but it allows you to test your playbook without hitting the account rate limits.

The last two tasks cleanup the account key and DNS challenge record, but only if the certificate was successfully issued.

Testing

There we have it; one wildcard certificate from LetsEncrypt!

Wildcard LetsEncrypt renewal with Ansible and Memset

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.