This commit is contained in:
felixfontein
2025-10-29 20:25:10 +00:00
parent f00a6412b7
commit 04a0898b82
14 changed files with 43 additions and 63 deletions


@@ -207,7 +207,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<section id="synopsis">
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Creates an ACME v2 order. This is the first step of obtaining a new certificate with the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a> from a Certificate Authority such as <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> or <a class="reference external" href="https://www.buypass.com/">Buypass</a>. This module does not support ACME v1, the original version of the ACME protocol before standardization.</p></li>
<li><p>Creates an ACME v2 order. This is the first step of obtaining a new certificate with the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a> from a Certificate Authority such as <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a>. This module does not support ACME v1, the original version of the ACME protocol before standardization.</p></li>
<li><p>The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
<li><p>This module needs to be used in conjunction with the <a class="reference internal" href="acme_certificate_order_validate_module.html#ansible-collections-community-crypto-acme-certificate-order-validate-module"><span class="std std-ref">community.crypto.acme_certificate_order_validate</span></a> and. <a class="reference internal" href="acme_certificate_order_finalize_module.html#ansible-collections-community-crypto-acme-certificate-order-finalize-module"><span class="std std-ref">community.crypto.acme_certificate_order_finalize</span></a> module. An order can be effectively deactivated with the <a class="reference internal" href="acme_certificate_deactivate_authz_module.html#ansible-collections-community-crypto-acme-certificate-deactivate-authz-module"><span class="std std-ref">community.crypto.acme_certificate_deactivate_authz</span></a> module. Note that both modules require the output <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-return-order-uri"><span class="std std-ref"><span class="pre">order_uri</span></span></a></code> of this module.</p></li>
<li><p>To create or modify ACME accounts, use the <a class="reference internal" href="acme_account_module.html#ansible-collections-community-crypto-acme-account-module"><span class="std std-ref">community.crypto.acme_account</span></a> module. This module will <em>not</em> create or update ACME accounts.</p></li>
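Review bot: the unchanged context two lines below the edited bullet still reads "acme_certificate_order_validate and. acme_certificate_order_finalize module"; since this synopsis is being touched anyway, drop the stray period after "and", pluralize to "modules", and make "Note that both modules require the output order_uri" say which two (validate and finalize), because that bullet names three modules. The Buypass removal in this hunk itself is consistent with the other hunks.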
@@ -280,9 +280,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</div></td>
<td><div class="ansible-option-cell"><p>The ACME directory to use. This is the entry point URL to access the ACME CA server API.</p>
<p>For safety reasons the default is set to the Lets Encrypt staging server (for the ACME v1 protocol). This will create technically correct, but untrusted certificates.</p>
<p>For Lets Encrypt, all staging endpoints can be found here: <a class="reference external" href="https://letsencrypt.org/docs/staging-environment/">https://letsencrypt.org/docs/staging-environment/</a>. For Buypass, all endpoints can be found here: <a class="reference external" href="https://community.buypass.com/t/63d4ay/buypass-go-ssl-endpoints">https://community.buypass.com/t/63d4ay/buypass-go-ssl-endpoints</a>.</p>
<p>For Lets Encrypt, all staging endpoints can be found here: <a class="reference external" href="https://letsencrypt.org/docs/staging-environment/">https://letsencrypt.org/docs/staging-environment/</a>.</p>
<p>For <strong>Lets Encrypt</strong>, the production directory URL for ACME v2 is <a class="reference external" href="https://acme-v02.api.letsencrypt.org/directory">https://acme-v02.api.letsencrypt.org/directory</a>.</p>
<p>For <strong>Buypass</strong>, the production directory URL for ACME v2 and v1 is <a class="reference external" href="https://api.buypass.com/acme/directory">https://api.buypass.com/acme/directory</a>.</p>
<p>For <strong>ZeroSSL</strong>, the production directory URL for ACME v2 is <a class="reference external" href="https://acme.zerossl.com/v2/DV90">https://acme.zerossl.com/v2/DV90</a>.</p>
<p>For <strong>Sectigo</strong>, the production directory URL for ACME v2 is <a class="reference external" href="https://acme-qa.secure.trust-provider.com/v2/DV">https://acme-qa.secure.trust-provider.com/v2/DV</a>.</p>
<p>For <strong>HARICA</strong>, the production directory URL for ACME v2 is <a class="reference external" href="https://acme.harica.gr/XXX/directory">https://acme.harica.gr/XXX/directory</a> with XXX being specific to your account.</p>
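Review bot: this hunk drops the Buypass staging-endpoint link but leaves the unchanged paragraph "For Buypass, the production directory URL for ACME v2 and v1 is https://api.buypass.com/acme/directory." directly beneath it, so the option text still advertises Buypass (and ACME v1) while the synopsis and notes no longer do; either remove that paragraph as well or keep the staging link. Two more things in the surrounding context are worth fixing while here: "the Lets Encrypt staging server (for the ACME v1 protocol)" contradicts the synopsis statement that the module does not support ACME v1 and should describe the v2 staging directory, and the Sectigo line labels https://acme-qa.secure.trust-provider.com/v2/DV a "production" directory although the hostname says qa; confirm that is the intended endpoint before shipping it as production.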
@@ -479,8 +478,8 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
<div class="admonition note">
<p class="admonition-title">Note</p>
<ul class="simple">
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon and with HARICA. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon and with HARICA. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
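Review bot: the rewritten tested-against bullet still carries "to help us supporting it"; since the line is already being changed, make it "to help us support it". Also note that removing Buypass from the list of CAs the developers have tested against withdraws a documented claim rather than just cleaning up a link, so it deserves an explicit mention in the changelog entry for this change rather than going in silently.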
@@ -502,8 +501,6 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
</dd>
<dt><a class="reference external" href="https://letsencrypt.org/docs/">The Lets Encrypt documentation</a></dt><dd><p>Documentation for the Lets Encrypt Certification Authority. Provides useful information for example on rate limits.</p>
</dd>
<dt><a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a></dt><dd><p>Documentation for the Buypass Certification Authority. Provides useful information for example on rate limits.</p>
</dd>
<dt><a class="reference external" href="https://tools.ietf.org/html/rfc8555">Automatic Certificate Management Environment (ACME)</a></dt><dd><p>The specification of the ACME protocol (RFC 8555).</p>
</dd>
<dt><a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html">ACME TLS ALPN Challenge Extension</a></dt><dd><p>The specification of the <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenge (RFC 8737).</p>
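Review bot: dropping the Buypass seealso entry matches the other hunks. While this list is being edited, the two RFC entries that remain link to different hosts (tools.ietf.org for RFC 8555, www.rfc-editor.org for RFC 8737); tools.ietf.org is a legacy host that only redirects now, so point the RFC 8555 entry at https://www.rfc-editor.org/rfc/rfc8555.html for consistency with the RFC 8737 entry below it.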