internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 21:33:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: afe7f7522c

Browse Source
This commit is contained in:
felixfontein
2024-04-29 20:24:01 +00:00
parent cb31ea56c9
commit 9160cf2f39
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
branch/main/acme_account_info_module.html
View File

@@ -393,9 +393,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<ul class="simple">
<li><p>The <a class="reference internal" href="acme_account_module.html#ansible-collections-community-crypto-acme-account-module"><span class="std std-ref">community.crypto.acme_account</span></a> module allows to modify, create and delete ACME accounts.</p></li>
<li><p>This module was called <code class="docutils literal notranslate"><span class="pre">acme_account_facts</span></code> before Ansible 2.8. The usage did not change.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-info-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-info-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-info-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-info-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
</section>

2
branch/main/acme_account_module.html
View File

@@ -493,9 +493,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<p class="admonition-title">Note</p>
<ul class="simple">
<li><p>The <a class="reference internal" href="acme_certificate_module.html#ansible-collections-community-crypto-acme-certificate-module"><span class="std std-ref">community.crypto.acme_certificate</span></a> module also allows to do basic account management. When using both modules, it is recommended to disable account management for <a class="reference internal" href="acme_certificate_module.html#ansible-collections-community-crypto-acme-certificate-module"><span class="std std-ref">community.crypto.acme_certificate</span></a>. For that, use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="acme_certificate_module.html#ansible-collections-community-crypto-acme-certificate-module-parameter-modify-account"><span class="std std-ref"><span class="pre">modify_account</span></span></a></strong></code> option of <a class="reference internal" href="acme_certificate_module.html#ansible-collections-community-crypto-acme-certificate-module"><span class="std std-ref">community.crypto.acme_certificate</span></a>.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-account-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
</section>

2
branch/main/acme_certificate_module.html
View File

@@ -621,9 +621,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<li><p>At least one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-dest"><span class="std std-ref"><span class="pre">dest</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-fullchain-dest"><span class="std std-ref"><span class="pre">fullchain_dest</span></span></a></strong></code> must be specified.</p></li>
<li><p>This module includes basic account management functionality. If you want to have more control over your ACME account, use the <a class="reference internal" href="acme_account_module.html#ansible-collections-community-crypto-acme-account-module"><span class="std std-ref">community.crypto.acme_account</span></a> module and disable account management for this module using the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-modify-account"><span class="std std-ref"><span class="pre">modify_account</span></span></a></strong></code> option.</p></li>
<li><p>This module was called <code class="docutils literal notranslate"><span class="pre">letsencrypt</span></code> before Ansible 2.6. The usage did not change.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
</section>

2
branch/main/acme_certificate_revoke_module.html
View File

@@ -413,9 +413,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<ul class="simple">
<li><p>Exactly one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-account-key-src"><span class="std std-ref"><span class="pre">account_key_src</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-private-key-src"><span class="std std-ref"><span class="pre">private_key_src</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-private-key-content"><span class="std std-ref"><span class="pre">private_key_content</span></span></a></strong></code> must be specified.</p></li>
<li><p>Trying to revoke an already revoked certificate should result in an unchanged status, even if the revocation reason was different than the one specified here. Also, depending on the server, it can happen that some other error is returned if the certificate has already been revoked.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-revoke-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
</section>

2
branch/main/acme_inspect_module.html
View File

@@ -420,9 +420,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<ul class="simple">
<li><p>The <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-account-uri"><span class="std std-ref"><span class="pre">account_uri</span></span></a></strong></code> option must be specified for properly authenticated ACME v2 requests (except a <code class="docutils literal notranslate"><span class="pre">new-account</span></code> request).</p></li>
<li><p>Using the <code class="docutils literal notranslate"><span class="pre">ansible</span></code> tool, <a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module"><span class="std std-ref">community.crypto.acme_inspect</span></a> can be used to directly execute ACME requests without the need of writing a playbook. For example, the following command retrieves the ACME account with ID 1 from Lets Encrypt (assuming <code class="docutils literal notranslate"><span class="pre">/path/to/key</span></code> is the correct private account key): <code class="docutils literal notranslate"><span class="pre">ansible</span> <span class="pre">localhost</span> <span class="pre">-m</span> <span class="pre">acme_inspect</span> <span class="pre">-a</span> <span class="pre">&quot;account_key_src=/path/to/key</span> <span class="pre">acme_directory=https://acme-v02.api.letsencrypt.org/directory</span> <span class="pre">acme_version=2</span> <span class="pre">account_uri=https://acme-v02.api.letsencrypt.org/acme/acct/1</span> <span class="pre">method=get</span> <span class="pre">url=https://acme-v02.api.letsencrypt.org/acme/acct/1&quot;</span></code></p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
</ul>
</div>
</section>