|
|
@ -83,19 +83,21 @@ options:
|
|
|
|
used the M(acme_account) module to specify more than one contact
|
|
|
|
used the M(acme_account) module to specify more than one contact
|
|
|
|
for your account, this module will update your account and restrict
|
|
|
|
for your account, this module will update your account and restrict
|
|
|
|
it to the (at most one) contact email address specified here."
|
|
|
|
it to the (at most one) contact email address specified here."
|
|
|
|
|
|
|
|
type: str
|
|
|
|
agreement:
|
|
|
|
agreement:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "URI to a terms of service document you agree to when using the
|
|
|
|
- "URI to a terms of service document you agree to when using the
|
|
|
|
ACME v1 service at C(acme_directory)."
|
|
|
|
ACME v1 service at C(acme_directory)."
|
|
|
|
- Default is latest gathered from C(acme_directory) URL.
|
|
|
|
- Default is latest gathered from C(acme_directory) URL.
|
|
|
|
- This option will only be used when C(acme_version) is 1.
|
|
|
|
- This option will only be used when C(acme_version) is 1.
|
|
|
|
|
|
|
|
type: str
|
|
|
|
terms_agreed:
|
|
|
|
terms_agreed:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "Boolean indicating whether you agree to the terms of service document."
|
|
|
|
- "Boolean indicating whether you agree to the terms of service document."
|
|
|
|
- "ACME servers can require this to be true."
|
|
|
|
- "ACME servers can require this to be true."
|
|
|
|
- This option will only be used when C(acme_version) is not 1.
|
|
|
|
- This option will only be used when C(acme_version) is not 1.
|
|
|
|
type: bool
|
|
|
|
type: bool
|
|
|
|
default: 'no'
|
|
|
|
default: no
|
|
|
|
version_added: "2.5"
|
|
|
|
version_added: "2.5"
|
|
|
|
modify_account:
|
|
|
|
modify_account:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
@ -106,12 +108,13 @@ options:
|
|
|
|
using an old key if you changed the account key with M(acme_account)."
|
|
|
|
using an old key if you changed the account key with M(acme_account)."
|
|
|
|
- "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
|
|
|
|
- "If set to C(no), C(terms_agreed) and C(account_email) are ignored."
|
|
|
|
type: bool
|
|
|
|
type: bool
|
|
|
|
default: 'yes'
|
|
|
|
default: yes
|
|
|
|
version_added: "2.6"
|
|
|
|
version_added: "2.6"
|
|
|
|
challenge:
|
|
|
|
challenge:
|
|
|
|
description: The challenge to be performed.
|
|
|
|
description: The challenge to be performed.
|
|
|
|
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ]
|
|
|
|
type: str
|
|
|
|
default: 'http-01'
|
|
|
|
default: 'http-01'
|
|
|
|
|
|
|
|
choices: [ 'http-01', 'dns-01', 'tls-alpn-01' ]
|
|
|
|
csr:
|
|
|
|
csr:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "File containing the CSR for the new certificate."
|
|
|
|
- "File containing the CSR for the new certificate."
|
|
|
@ -123,6 +126,7 @@ options:
|
|
|
|
account key. This is a bad idea from a security point of view, and
|
|
|
|
account key. This is a bad idea from a security point of view, and
|
|
|
|
the CA should not accept the CSR. The ACME server should return an
|
|
|
|
the CA should not accept the CSR. The ACME server should return an
|
|
|
|
error in this case."
|
|
|
|
error in this case."
|
|
|
|
|
|
|
|
type: path
|
|
|
|
required: true
|
|
|
|
required: true
|
|
|
|
aliases: ['src']
|
|
|
|
aliases: ['src']
|
|
|
|
data:
|
|
|
|
data:
|
|
|
@ -140,23 +144,27 @@ options:
|
|
|
|
as it causes error messages to be come unusable, and C(data) does
|
|
|
|
as it causes error messages to be come unusable, and C(data) does
|
|
|
|
not contain any information which can be used without having
|
|
|
|
not contain any information which can be used without having
|
|
|
|
access to the account key or which are not public anyway."
|
|
|
|
access to the account key or which are not public anyway."
|
|
|
|
|
|
|
|
type: dict
|
|
|
|
dest:
|
|
|
|
dest:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "The destination file for the certificate."
|
|
|
|
- "The destination file for the certificate."
|
|
|
|
- "Required if C(fullchain_dest) is not specified."
|
|
|
|
- "Required if C(fullchain_dest) is not specified."
|
|
|
|
|
|
|
|
type: path
|
|
|
|
aliases: ['cert']
|
|
|
|
aliases: ['cert']
|
|
|
|
fullchain_dest:
|
|
|
|
fullchain_dest:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "The destination file for the full chain (i.e. certificate followed
|
|
|
|
- "The destination file for the full chain (i.e. certificate followed
|
|
|
|
by chain of intermediate certificates)."
|
|
|
|
by chain of intermediate certificates)."
|
|
|
|
- "Required if C(dest) is not specified."
|
|
|
|
- "Required if C(dest) is not specified."
|
|
|
|
|
|
|
|
type: path
|
|
|
|
version_added: 2.5
|
|
|
|
version_added: 2.5
|
|
|
|
aliases: ['fullchain']
|
|
|
|
aliases: ['fullchain']
|
|
|
|
chain_dest:
|
|
|
|
chain_dest:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- If specified, the intermediate certificate will be written to this file.
|
|
|
|
- If specified, the intermediate certificate will be written to this file.
|
|
|
|
aliases: ['chain']
|
|
|
|
type: path
|
|
|
|
version_added: 2.5
|
|
|
|
version_added: 2.5
|
|
|
|
|
|
|
|
aliases: ['chain']
|
|
|
|
remaining_days:
|
|
|
|
remaining_days:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- "The number of days the certificate must have left being valid.
|
|
|
|
- "The number of days the certificate must have left being valid.
|
|
|
@ -165,6 +173,7 @@ options:
|
|
|
|
include C(challenge_data)."
|
|
|
|
include C(challenge_data)."
|
|
|
|
- "To make sure that the certificate is renewed in any case, you can
|
|
|
|
- "To make sure that the certificate is renewed in any case, you can
|
|
|
|
use the C(force) option."
|
|
|
|
use the C(force) option."
|
|
|
|
|
|
|
|
type: int
|
|
|
|
default: 10
|
|
|
|
default: 10
|
|
|
|
deactivate_authzs:
|
|
|
|
deactivate_authzs:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
@ -175,7 +184,7 @@ options:
|
|
|
|
without having to re-authenticate the domain. This can be a security
|
|
|
|
without having to re-authenticate the domain. This can be a security
|
|
|
|
concern."
|
|
|
|
concern."
|
|
|
|
type: bool
|
|
|
|
type: bool
|
|
|
|
default: 'no'
|
|
|
|
default: no
|
|
|
|
version_added: 2.6
|
|
|
|
version_added: 2.6
|
|
|
|
force:
|
|
|
|
force:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
@ -184,7 +193,7 @@ options:
|
|
|
|
- This is especially helpful when having an updated CSR e.g. with
|
|
|
|
- This is especially helpful when having an updated CSR e.g. with
|
|
|
|
additional domains for which a new certificate is desired.
|
|
|
|
additional domains for which a new certificate is desired.
|
|
|
|
type: bool
|
|
|
|
type: bool
|
|
|
|
default: 'no'
|
|
|
|
default: no
|
|
|
|
version_added: 2.6
|
|
|
|
version_added: 2.6
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
@ -890,24 +899,24 @@ def main():
|
|
|
|
argument_spec=dict(
|
|
|
|
argument_spec=dict(
|
|
|
|
account_key_src=dict(type='path', aliases=['account_key']),
|
|
|
|
account_key_src=dict(type='path', aliases=['account_key']),
|
|
|
|
account_key_content=dict(type='str', no_log=True),
|
|
|
|
account_key_content=dict(type='str', no_log=True),
|
|
|
|
account_uri=dict(required=False, type='str'),
|
|
|
|
account_uri=dict(type='str'),
|
|
|
|
modify_account=dict(required=False, type='bool', default=True),
|
|
|
|
modify_account=dict(type='bool', default=True),
|
|
|
|
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
|
|
|
acme_directory=dict(type='str', default='https://acme-staging.api.letsencrypt.org/directory'),
|
|
|
|
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
|
|
|
acme_version=dict(type='int', default=1, choices=[1, 2]),
|
|
|
|
validate_certs=dict(required=False, default=True, type='bool'),
|
|
|
|
validate_certs=dict(default=True, type='bool'),
|
|
|
|
account_email=dict(required=False, default=None, type='str'),
|
|
|
|
account_email=dict(type='str'),
|
|
|
|
agreement=dict(required=False, type='str'),
|
|
|
|
agreement=dict(type='str'),
|
|
|
|
terms_agreed=dict(required=False, default=False, type='bool'),
|
|
|
|
terms_agreed=dict(type='bool', default=False),
|
|
|
|
challenge=dict(required=False, default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01'], type='str'),
|
|
|
|
challenge=dict(type='str', default='http-01', choices=['http-01', 'dns-01', 'tls-alpn-01']),
|
|
|
|
csr=dict(required=True, aliases=['src'], type='path'),
|
|
|
|
csr=dict(type='path', required=True, aliases=['src']),
|
|
|
|
data=dict(required=False, default=None, type='dict'),
|
|
|
|
data=dict(type='dict'),
|
|
|
|
dest=dict(aliases=['cert'], type='path'),
|
|
|
|
dest=dict(type='path', aliases=['cert']),
|
|
|
|
fullchain_dest=dict(aliases=['fullchain'], type='path'),
|
|
|
|
fullchain_dest=dict(type='path', aliases=['fullchain']),
|
|
|
|
chain_dest=dict(required=False, default=None, aliases=['chain'], type='path'),
|
|
|
|
chain_dest=dict(type='path', aliases=['chain']),
|
|
|
|
remaining_days=dict(required=False, default=10, type='int'),
|
|
|
|
remaining_days=dict(type='int', default=10),
|
|
|
|
deactivate_authzs=dict(required=False, default=False, type='bool'),
|
|
|
|
deactivate_authzs=dict(type='bool', default=False),
|
|
|
|
force=dict(required=False, default=False, type='bool'),
|
|
|
|
force=dict(type='bool', default=False),
|
|
|
|
select_crypto_backend=dict(required=False, choices=['auto', 'openssl', 'cryptography'], default='auto', type='str'),
|
|
|
|
select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'openssl', 'cryptography']),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
required_one_of=(
|
|
|
|
required_one_of=(
|
|
|
|
['account_key_src', 'account_key_content'],
|
|
|
|
['account_key_src', 'account_key_content'],
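Review bot: In the `argument_spec` hunk, `validate_certs=dict(default=True, type='bool')` is the only rewritten entry that still puts `default` before `type`, while every other entry on the new side follows the `type`, `default`, `choices`/`aliases` order; it should read `validate_certs=dict(type='bool', default=True),`. Going by its name this is the TLS certificate verification switch, so it is worth keeping as easy to scan as its neighbours. In the documentation hunks, `version_added: 2.5` and `version_added: 2.6` under `fullchain_dest`, `chain_dest`, `deactivate_authzs` and `force` are left unquoted and load as YAML floats, unlike the quoted `"2.5"` and `"2.6"` under `terms_agreed` and `modify_account`; quoting them would make the block consistent. `main()` starts before and continues after the last hunk, so the rest of the spec handling is not visible here.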
|
|
|
|