mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-06 21:33:00 +00:00
deploy: 13ea1de2f3
@@ -206,12 +206,13 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
<section id="synopsis">
|
||||
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
|
||||
<ul class="simple">
|
||||
<li><p>Create and renew SSL/TLS certificates with a CA supporting the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>, such as <a class="reference external" href="https://letsencrypt.org/">Let’s Encrypt</a>. The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
|
||||
<li><p>Create and renew SSL/TLS certificates with a CA supporting the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>, such as <a class="reference external" href="https://letsencrypt.org/">Let’s Encrypt</a>. The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
|
||||
<li><p>To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-data"><span class="std std-ref"><span class="pre">data</span></span></a></strong></code>.</p></li>
|
||||
<li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> the necessary DNS records have to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
|
||||
<li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> the necessary DNS records have to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
|
||||
<li><p>For details on how to fulfill these challenges, you might have to read through <a class="reference external" href="https://tools.ietf.org/html/rfc8555#section-8">the main ACME specification</a> and the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">TLS-ALPN-01 specification</a>. Also, consider the examples provided for this module.</p></li>
|
||||
<li><p>The module support for IP identifiers according to <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8738.html">RFC 8738</a>.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> challenge type according to <a class="reference external" href="https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-label-02">acme-dns-account-label draft 02</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> challenge type according to <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html">acme-dns-persist draft 01</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
</ul>
|
||||
</section>
|
||||
<section id="requirements">
|
||||
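Review bot: The "For details on how to fulfill these challenges" bullet still links only RFC 8555 section 8 and the TLS-ALPN-01 specification, and RFC 8555 does not define the newly listed dns-persist-01. Link the draft cited in the last bullet from there as well, or state that the TXT record for dns-persist-01 is built from the account_uri and issuer_domain_names return values. While this list is being edited, the unchanged bullet "The module support for IP identifiers" should read "The module supports IP identifiers".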
@@ -332,12 +333,13 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
</div></td>
|
||||
<td><div class="ansible-option-cell"><p>The challenge to be performed.</p>
|
||||
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">no</span> <span class="pre">challenge</span></code>, no challenge will be used. This is necessary for some private CAs which use External Account Binding and other means of validating certificate assurance. For example, an account could be allowed to issue certificates for <code class="docutils literal notranslate"><span class="pre">foo.example.com</span></code> without any further validation for a certain period of time.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
|
||||
<ul class="simple">
|
||||
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">"http-01"</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-account-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-persist-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"tls-alpn-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"no</span> <span class="pre">challenge"</span></code></p></li>
|
||||
</ul>
|
||||
@@ -990,12 +992,30 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Data for every challenge type.</p>
|
||||
<p>The keys in this dictionary are the challenge types. <code class="docutils literal notranslate"><span class="pre">challenge-type</span></code> is a placeholder used in the documentation. Possible keys are <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code>.</p>
|
||||
<p>The keys in this dictionary are the challenge types. <code class="docutils literal notranslate"><span class="pre">challenge-type</span></code> is a placeholder used in the documentation. Possible keys are <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code>.</p>
|
||||
<p>Note that the keys are not valid Jinja2 identifiers.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/account_uri"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-account-uri"><strong>account_uri</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/account_uri" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The account URI that must be mentioned in the DNS TXT record.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and challenge is <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code></p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"https://ca.example/acct/123"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/issuer_domain_names"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-issuer-domain-names"><strong>issuer_domain_names</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/issuer_domain_names" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>One of the issuer domain names must be mentioned in the DNS TXT record.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and challenge is <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code></p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">["letsencrypt.org"]</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/record"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-record"><strong>record</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/record" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
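Review bot: The new account_uri and issuer_domain_names entries say only that the value "must be mentioned in the DNS TXT record", with no record name and no record format. The acme_certificate_order_create page changed in this same commit names the record _validation-persist.<domain> and links the community.crypto.acme_dns_persist_record filter; the same sentence belongs here. It is also not visible from this hunk whether the record value that follows is returned for dns-persist-01, so its Returned line should say so either way.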
@@ -1009,7 +1029,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/resource" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The challenge resource that must be created for validation.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and challenge is not <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code></p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">".well-known/acme-challenge/evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
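Review bot: With Returned changed from "changed" to "changed and challenge is not dns-persist-01", resource is absent for that challenge type, but the description and the http-01 sample still read as if the key always exists. Add a sentence to the description that points to account_uri and issuer_domain_names for dns-persist-01, so that playbooks reading resource unconditionally have a documented alternative.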
@@ -1029,7 +1049,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The value the resource has to produce for the validation.</p>
|
||||
<p>For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> challenges, the value can be used as-is.</p>
|
||||
<p>For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges, note that this return value contains a Base64 encoded version of the correct binary blob which has to be put into the acmeValidation x509 extension; see <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">https://www.rfc-editor.org/rfc/rfc8737.html#section-3</a> for details. To do this, you might need the <a class="reference external" href="https://docs.ansible.com/projects/ansible/devel/collections/ansible/builtin/b64decode_filter.html#ansible-collections-ansible-builtin-b64decode-filter" title="(in Ansible devel)"><span class="xref std std-ref">ansible.builtin.b64decode</span></a> Jinja filter to extract the binary blob from this return value.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and challenge is not <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code></p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"IlirfxKKXA...17Dt3juxGJ-PCt92wr-oA"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
|
||||
@@ -208,13 +208,14 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
|
||||
<ul class="simple">
|
||||
<li><p>Creates an ACME v2 order. This is the first step of obtaining a new certificate with the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a> from a Certificate Authority such as <a class="reference external" href="https://letsencrypt.org/">Let’s Encrypt</a>. This module does not support ACME v1, the original version of the ACME protocol before standardization.</p></li>
|
||||
<li><p>The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
|
||||
<li><p>The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
|
||||
<li><p>This module needs to be used in conjunction with the <a class="reference internal" href="acme_certificate_order_validate_module.html#ansible-collections-community-crypto-acme-certificate-order-validate-module"><span class="std std-ref">community.crypto.acme_certificate_order_validate</span></a> and. <a class="reference internal" href="acme_certificate_order_finalize_module.html#ansible-collections-community-crypto-acme-certificate-order-finalize-module"><span class="std std-ref">community.crypto.acme_certificate_order_finalize</span></a> module. An order can be effectively deactivated with the <a class="reference internal" href="acme_certificate_deactivate_authz_module.html#ansible-collections-community-crypto-acme-certificate-deactivate-authz-module"><span class="std std-ref">community.crypto.acme_certificate_deactivate_authz</span></a> module. Note that both modules require the output <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-return-order-uri"><span class="std std-ref"><span class="pre">order_uri</span></span></a></code> of this module.</p></li>
|
||||
<li><p>To create or modify ACME accounts, use the <a class="reference internal" href="acme_account_module.html#ansible-collections-community-crypto-acme-account-module"><span class="std std-ref">community.crypto.acme_account</span></a> module. This module will <em>not</em> create or update ACME accounts.</p></li>
|
||||
<li><p>Between the call of this module and <a class="reference internal" href="acme_certificate_order_finalize_module.html#ansible-collections-community-crypto-acme-certificate-order-finalize-module"><span class="std std-ref">community.crypto.acme_certificate_order_finalize</span></a>, you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> the necessary DNS records have to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
|
||||
<li><p>Between the call of this module and <a class="reference internal" href="acme_certificate_order_finalize_module.html#ansible-collections-community-crypto-acme-certificate-order-finalize-module"><span class="std std-ref">community.crypto.acme_certificate_order_finalize</span></a>, you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> the necessary DNS records have to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
|
||||
<li><p>For details on how to fulfill these challenges, you might have to read through <a class="reference external" href="https://tools.ietf.org/html/rfc8555#section-8">the main ACME specification</a> and the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">TLS-ALPN-01 specification</a>. Also, consider the examples provided for this module.</p></li>
|
||||
<li><p>The module includes support for IP identifiers according to <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8738.html">RFC 8738</a> ACME extension.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> challenge type according to <a class="reference external" href="https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-label-02">acme-dns-account-label draft 02</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> challenge type according to <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html">acme-dns-persist draft 01</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
</ul>
|
||||
</section>
|
||||
<section id="requirements">
|
||||
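Review bot: The unchanged bullet between the edited lines reads "community.crypto.acme_certificate_order_validate and. community.crypto.acme_certificate_order_finalize module", with a stray period after "and" and a singular "module" for two modules, and its closing "both modules" is ambiguous after three modules have been named. Fix it while this list is open. The "For details on how to fulfill these challenges" bullet also links only RFC 8555 section 8 and the TLS-ALPN-01 specification, so it gives no pointer for dns-persist-01; a link to the acme_dns_persist_record filter would close that gap.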
@@ -726,6 +727,34 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/dns-persist-01"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-dns-persist-01"><strong>dns-persist-01</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/dns-persist-01" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
<p><em class="ansible-option-versionadded">added in community.crypto 3.2.0</em></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Information for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> authorization.</p>
|
||||
<p>A DNS TXT record needs to be created with the record name <code class="ansible-value docutils literal notranslate"><span class="pre">_validation-persist.<domain></span></code>. See the <a class="reference internal" href="acme_dns_persist_record_filter.html#ansible-collections-community-crypto-acme-dns-persist-record-filter"><span class="std std-ref">community.crypto.acme_dns_persist_record</span></a> for how to create the record’s content.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> if the identifier supports <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> authorization</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/dns-persist-01/account_uri"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-dns-persist-01-account-uri"><strong>account_uri</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/dns-persist-01/account_uri" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The account URI that must be mentioned in the DNS TXT record.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"https://ca.example/acct/123"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/dns-persist-01/issuer_domain_names"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-dns-persist-01-issuer-domain-names"><strong>issuer_domain_names</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/dns-persist-01/issuer_domain_names" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>One of the issuer domain names must be mentioned in the DNS TXT record.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">["letsencrypt.org"]</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/http-01"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-http-01"><strong>http-01</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/http-01" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
</div></td>
|
||||
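Review bot: In the dns-persist-01 description, "See the community.crypto.acme_dns_persist_record for how to create the record's content" is missing the noun after the name; it should read "the community.crypto.acme_dns_persist_record filter". The two samples also mix CAs ("https://ca.example/acct/123" for account_uri, "letsencrypt.org" for issuer_domain_names); using one CA in both would show that the values belong to the same record.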
@@ -734,7 +763,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> if the identifier supports <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> authorization</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/http-01/resource"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-http-01-resource"><strong>resource</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/http-01/resource" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -743,7 +772,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">".well-known/acme-challenge/evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/http-01/resource_value"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-http-01-resource-value"><strong>resource_value</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/http-01/resource_value" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -752,7 +781,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"IlirfxKKXA...17Dt3juxGJ-PCt92wr-oA"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/tls-alpn-01"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-tls-alpn-01"><strong>tls-alpn-01</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/tls-alpn-01" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
</div></td>
|
||||
@@ -762,7 +791,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> if the identifier supports <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> authorization</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/tls-alpn-01/resource"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-tls-alpn-01-resource"><strong>resource</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/tls-alpn-01/resource" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -771,7 +800,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"example.com"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/tls-alpn-01/resource_original"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-tls-alpn-01-resource-original"><strong>resource_original</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/tls-alpn-01/resource_original" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -780,7 +809,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"dns:example.com"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/challenges/tls-alpn-01/resource_value"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-challenges-tls-alpn-01-resource-value"><strong>resource_value</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/challenges/tls-alpn-01/resource_value" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -790,7 +819,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"AAb="</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/identifier"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-identifier"><strong>identifier</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -799,7 +828,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"example.com"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data/identifier_type"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-identifier-type"><strong>identifier_type</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data/identifier_type" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
@@ -814,7 +843,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"dns"</span></code></p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data_dns"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-dns"><strong>challenge_data_dns</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data_dns" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
</div></td>
|
||||
@@ -823,7 +852,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-odd"><td><div class="ansible-option-cell">
|
||||
<tr class="row-even"><td><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-challenge_data_dns_account"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-challenge-data-dns-account"><strong>challenge_data_dns_account</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-challenge_data_dns_account" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
|
||||
<p><em class="ansible-option-versionadded">added in community.crypto 3.2.0</em></p>
|
||||
@@ -833,7 +862,7 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
|
||||
</div></td>
|
||||
</tr>
|
||||
<tr class="row-even"><td><div class="ansible-option-cell">
|
||||
<tr class="row-odd"><td><div class="ansible-option-cell">
|
||||
<div class="ansibleOptionAnchor" id="return-order_uri"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-return-order-uri"><strong>order_uri</strong></p>
|
||||
<a class="ansibleOptionLink" href="#return-order_uri" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
|
||||
@@ -210,6 +210,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
<li><p>Obtain information for an ACME v2 order. This can be used during the process of obtaining a new certificate with the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a> from a Certificate Authority such as <a class="reference external" href="https://letsencrypt.org/">Let’s Encrypt</a>. This module does not support ACME v1, the original version of the ACME protocol before standardization.</p></li>
|
||||
<li><p>This module needs to be used in conjunction with the <a class="reference internal" href="acme_certificate_order_create_module.html#ansible-collections-community-crypto-acme-certificate-order-create-module"><span class="std std-ref">community.crypto.acme_certificate_order_create</span></a>, <a class="reference internal" href="acme_certificate_order_validate_module.html#ansible-collections-community-crypto-acme-certificate-order-validate-module"><span class="std std-ref">community.crypto.acme_certificate_order_validate</span></a>, and <a class="reference internal" href="acme_certificate_order_finalize_module.html#ansible-collections-community-crypto-acme-certificate-order-finalize-module"><span class="std std-ref">community.crypto.acme_certificate_order_finalize</span></a> modules.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> challenge type according to <a class="reference external" href="https://datatracker.ietf.org/doc/html/draft-ietf-acme-dns-account-label-02">acme-dns-account-label draft 02</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
<li><p>The module supports the <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> challenge type according to <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html">acme-dns-persist draft 01</a>. Note that the supported draft version can change at any time, and changes will only be considered breaking once the draft reached RFC status.</p></li>
|
||||
</ul>
|
||||
</section>
|
||||
<section id="requirements">
|
||||
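Review bot: the added `dns-persist-01` bullet links to `www.ietf.org/archive/id/draft-ietf-acme-dns-persist-01.html`, while the `dns-account-01` bullet directly above it links to `datatracker.ietf.org/doc/html/...`. Use the same host and URL form for both so the pinned draft revision is easy to compare. In both bullets, "once the draft reached RFC status" should also read "once the draft has reached RFC status".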
@@ -526,13 +527,14 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
<a class="ansibleOptionLink" href="#return-authorizations_by_identifier/identifier/challenges/type" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
|
||||
</div></td>
|
||||
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The type of challenge encoded in the object.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> always</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-choices">Can only return:</strong></p>
|
||||
<ul class="simple">
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"http-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-account-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-persist-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"tls-alpn-01"</span></code></p></li>
|
||||
</ul>
|
||||
</div></td>
|
||||
|
||||
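Review bot: the rewritten sentence in the `type` description folds `dns-persist-01` into the existing "has been added in community.crypto 3.2.0" statement for `dns-account-01`. Please confirm both challenge types first ship in the same release; if `dns-account-01` is already in a published 3.2.0, `dns-persist-01` needs its own version sentence so users can tell which collection version to require.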
@@ -303,12 +303,13 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
|
||||
<td><div class="ansible-option-cell"><p>The challenge to be performed for every pending authorization.</p>
|
||||
<p>Must be provided if there is at least one pending authorization.</p>
|
||||
<p>In case of authorization reuse, or in case of CAs which use External Account Binding and other means of validating certificate assurance, it might not be necessary to provide this option.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p>Support for <code class="ansible-value docutils literal notranslate"><span class="pre">dns-account-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-persist-01</span></code> has been added in community.crypto 3.2.0.</p>
|
||||
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
|
||||
<ul class="simple">
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"http-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-account-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"dns-persist-01"</span></code></p></li>
|
||||
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"tls-alpn-01"</span></code></p></li>
|
||||
</ul>
|
||||
</div></td>
|
||||
|
||||
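Review bot: `dns-persist-01` is added to the choices of this option, but the description does not say that it follows an IETF draft whose supported revision can change without being treated as a breaking change, which the synopsis bullet added elsewhere in this commit does state. A one-line pointer to that note next to the 3.2.0 sentence would help anyone selecting the challenge type from the option table alone.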
Binary file not shown.
File diff suppressed because one or more lines are too long