internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-08 14:22:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: d368d1943d

Browse Source
This commit is contained in:
felixfontein
2025-04-29 06:17:47 +00:00
parent cff842bcf3
commit 959f514761
55 changed files with 126 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
branch/main/acme_inspect_module.html
View File

@@ -183,7 +183,7 @@
<h1>community.crypto.acme_inspect module Send direct requests to an ACME server<a class="headerlink" href="#community-crypto-acme-inspect-module-send-direct-requests-to-an-acme-server" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.26.1).</p>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 3.0.0-dev0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
@@ -283,15 +283,14 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-acme_version"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-inspect-module-parameter-acme-version"><strong>acme_version</strong></p>
<a class="ansibleOptionLink" href="#parameter-acme_version" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span> / <span class="ansible-option-required">required</span></p>
<a class="ansibleOptionLink" href="#parameter-acme_version" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The ACME version of the endpoint.</p>
<p>Must be <code class="ansible-value docutils literal notranslate"><span class="pre">1</span></code> for the classic Lets Encrypt and Buypass ACME endpoints, or <code class="ansible-value docutils literal notranslate"><span class="pre">2</span></code> for standardized ACME v2 endpoints.</p>
<p>The value <code class="ansible-value docutils literal notranslate"><span class="pre">1</span></code> is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.</p>
<p>Must be <code class="ansible-value docutils literal notranslate"><span class="pre">2</span></code> for standardized ACME v2 endpoints.</p>
<p>The value <code class="ansible-value docutils literal notranslate"><span class="pre">1</span></code> is no longer supported since community.crypto 3.0.0.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">1</span></code></p></li>
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">2</span></code></p></li>
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">2</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
</ul>
</div></td>
</tr>
@@ -433,7 +432,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<p class="admonition-title">Note</p>
<ul class="simple">
<li><p>The <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-account-uri"><span class="std std-ref"><span class="pre">account_uri</span></span></a></strong></code> option must be specified for properly authenticated ACME v2 requests (except a <code class="docutils literal notranslate"><span class="pre">new-account</span></code> request).</p></li>
<li><p>Using the <code class="docutils literal notranslate"><span class="pre">ansible</span></code> tool, <a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module"><span class="std std-ref">community.crypto.acme_inspect</span></a> can be used to directly execute ACME requests without the need of writing a playbook. For example, the following command retrieves the ACME account with ID 1 from Lets Encrypt (assuming <code class="docutils literal notranslate"><span class="pre">/path/to/key</span></code> is the correct private account key): <code class="docutils literal notranslate"><span class="pre">ansible</span> <span class="pre">localhost</span> <span class="pre">-m</span> <span class="pre">acme_inspect</span> <span class="pre">-a</span> <span class="pre">&quot;account_key_src=/path/to/key</span> <span class="pre">acme_directory=https://acme-v02.api.letsencrypt.org/directory</span> <span class="pre">acme_version=2</span> <span class="pre">account_uri=https://acme-v02.api.letsencrypt.org/acme/acct/1</span> <span class="pre">method=get</span> <span class="pre">url=https://acme-v02.api.letsencrypt.org/acme/acct/1&quot;</span></code>.</p></li>
<li><p>Using the <code class="docutils literal notranslate"><span class="pre">ansible</span></code> tool, <a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module"><span class="std std-ref">community.crypto.acme_inspect</span></a> can be used to directly execute ACME requests without the need of writing a playbook. For example, the following command retrieves the ACME account with ID 1 from Lets Encrypt (assuming <code class="docutils literal notranslate"><span class="pre">/path/to/key</span></code> is the correct private account key): <code class="docutils literal notranslate"><span class="pre">ansible</span> <span class="pre">localhost</span> <span class="pre">-m</span> <span class="pre">acme_inspect</span> <span class="pre">-a</span> <span class="pre">&quot;account_key_src=/path/to/key</span> <span class="pre">acme_directory=https://acme-v02.api.letsencrypt.org/directory</span> <span class="pre">account_uri=https://acme-v02.api.letsencrypt.org/acme/acct/1</span> <span class="pre">method=get</span> <span class="pre">url=https://acme-v02.api.letsencrypt.org/acme/acct/1&quot;</span></code>.</p></li>
<li><p>Although the defaults are chosen so that the module can be used with the <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> CA, the module can in principle be used with any CA providing an ACME endpoint, such as <a class="reference external" href="https://www.buypass.com/ssl/products/acme">Buypass Go SSL</a>.</p></li>
<li><p>So far, the ACME modules have only been tested by the developers against Lets Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and <a class="reference external" href="https://github.com/letsencrypt/Pebble">Pebble testing server</a>. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please <a class="reference external" href="https://github.com/ansible-collections/community.crypto/issues/new/choose">create an issue</a> to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.</p></li>
<li><p>If a new enough version of the <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> library is available (see Requirements for details), it will be used instead of the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary. This can be explicitly disabled or enabled with the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-select-crypto-backend"><span class="std std-ref"><span class="pre">select_crypto_backend</span></span></a></strong></code> option. Note that using the <code class="docutils literal notranslate"><span class="pre">openssl</span></code> binary will be slower and less secure, as private key contents always have to be stored on disk (see <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-inspect-module-parameter-account-key-content"><span class="std std-ref"><span class="pre">account_key_content</span></span></a></strong></code>).</p></li>
@@ -458,14 +457,12 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get directory</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory-only</span>
<span class="w"> </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">directory</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create an account</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">directory.newAccount</span><span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">post</span>
@@ -477,7 +474,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get account information</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -486,7 +482,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Update account contacts</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -502,7 +497,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create certificate order</span>
<span class="w"> </span><span class="nt">community.crypto.acme_certificate</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">csr</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/csr/sample.com.csr</span>
@@ -516,7 +510,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get order information</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">certificate_request.order_uri</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -526,7 +519,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get first authz for order</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">order.output_json.authorizations</span><span class="o">[</span><span class="m">0</span><span class="o">]</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -536,7 +528,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Get HTTP-01 challenge for authz</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">authz.output_json.challenges</span> <span class="o">|</span> <span class="nf">selectattr</span><span class="o">(</span><span class="s1">&#39;type&#39;</span><span class="o">,</span> <span class="s1">&#39;equalto&#39;</span><span class="o">,</span> <span class="s1">&#39;http-01&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span>
@@ -546,7 +537,6 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Activate HTTP-01 challenge manually</span>
<span class="w"> </span><span class="nt">community.crypto.acme_inspect</span><span class="p">:</span>
<span class="w"> </span><span class="nt">acme_directory</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://acme-staging-v02.api.letsencrypt.org/directory</span>
<span class="w"> </span><span class="nt">acme_version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">2</span>
<span class="w"> </span><span class="nt">account_key_src</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/pki/cert/private/account.key</span>
<span class="w"> </span><span class="nt">account_uri</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">account_creation.headers.location</span> <span class="cp">}}</span><span class="s">&quot;</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">http01challenge.url</span> <span class="cp">}}</span><span class="s">&quot;</span>