felixfontein
2025-07-06 15:25:44 +00:00
parent d66518919f
commit b608390b32
6 changed files with 11 additions and 11 deletions


@@ -208,7 +208,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Allows to retrieve renewal information on a certificate obtained with the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>.</p></li>
<li><p>This module only works with the ACME v2 protocol, and requires the ACME server to support the ARI extension (<a class="reference external" href="https://datatracker.ietf.org/doc/draft-ietf-acme-ari/">https://datatracker.ietf.org/doc/draft-ietf-acme-ari/</a>). This module implements version 3 of the ARI draft.</p></li>
<li><p>This module only works with the ACME v2 protocol, and requires the ACME server to support the ARI extension (<a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html">RFC 9773</a>).</p></li>
</ul>
</section>
<section id="requirements">
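Review bot: the replacement Synopsis item drops "This module implements version 3 of the ARI draft." and says nothing about which version is implemented now. If the module was only checked against draft 3, state whether its behaviour matches RFC 9773 as published, so users pointing it at an RFC 9773 server know what to expect.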
@@ -407,7 +407,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<div class="ansibleOptionAnchor" id="return-renewal_info"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-ari-info-module-return-renewal-info"><strong>renewal_info</strong></p>
<a class="ansibleOptionLink" href="#return-renewal_info" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The ARI renewal info object (<a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-4.2">https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-4.2</a>).</p>
<td><div class="ansible-option-cell"><p>The ARI renewal info object (<a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2">https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2</a>).</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
</div></td>
</tr>
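Review bot: in the renewal_info description the link text is still the bare URL (https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2), while the other updated references in this commit use a readable label such as "Section 5 of RFC 9773". Suggest "Section 4.2 of RFC 9773" as the link text here for consistency.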


@@ -428,7 +428,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<a class="ansibleOptionLink" href="#parameter-include_renewal_cert_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 2.20.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Determines whether to request renewal of an existing certificate according to <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-5">the ACME ARI draft 3</a>.</p>
<td><div class="ansible-option-cell"><p>Determines whether to request renewal of an existing certificate according to <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-5">Section 5 of RFC 9773</a>.</p>
<p>This is only used when the certificate specified in <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-dest"><span class="std std-ref"><span class="pre">dest</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-fullchain-dest"><span class="std std-ref"><span class="pre">fullchain_dest</span></span></a></strong></code> already exists.</p>
<p>Generally you should use <code class="ansible-value docutils literal notranslate"><span class="pre">when_ari_supported</span></code> if you know that the ACME service supports a compatible draft (or final version, once it is out) of the ARI extension. <code class="ansible-value docutils literal notranslate"><span class="pre">always</span></code> should never be necessary. If you are not sure, or if you receive strange errors on invalid <code class="docutils literal notranslate"><span class="pre">replaces</span></code> values in order objects, use <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code>, which also happens to be the default.</p>
<p>ACME servers might refuse to create new orders with <code class="docutils literal notranslate"><span class="pre">replaces</span></code> for certificates that already have an existing order. This can happen if this module is used to create an order, and then the playbook/role fails in case the challenges cannot be set up. If the playbook/role does not record the order data to continue with the existing order, but tries to create a new one on the next run, creating the new order might fail. If <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=fail</span></span></a></code> this will make the module fail. <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=auto</span></span></a></code> and <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=retry_without_replaces_cert_id</span></span></a></code> will avoid this by leaving away <code class="docutils literal notranslate"><span class="pre">replaces</span></code> on retries.</p>
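Review bot: the unchanged paragraph on when_ari_supported still reads "supports a compatible draft (or final version, once it is out) of the ARI extension", which is stale next to a first paragraph that now cites RFC 9773. Suggest rewording it in the same change, for example to say that the ACME service supports RFC 9773 or a compatible draft.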


@@ -380,8 +380,8 @@ If <code class="ansible-option docutils literal notranslate"><strong><a class="r
<div class="ansibleOptionAnchor" id="parameter-replaces_cert_id"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-replaces-cert-id"><strong>replaces_cert_id</strong></p>
<a class="ansibleOptionLink" href="#parameter-replaces_cert_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>If provided, will request the order to replace the certificate identified by this certificate ID according to <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-5">the ACME ARI draft 3</a>.</p>
<p>This certificate ID must be computed as specified in <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-4.1">the ACME ARI draft 3</a>. It is returned as return value <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="acme_certificate_renewal_info_module.html#ansible-collections-community-crypto-acme-certificate-renewal-info-module-return-cert-id"><span class="std std-ref"><span class="pre">cert_id</span></span></a></code> of the <a class="reference internal" href="acme_certificate_renewal_info_module.html#ansible-collections-community-crypto-acme-certificate-renewal-info-module"><span class="std std-ref">community.crypto.acme_certificate_renewal_info</span></a> module.</p>
<td><div class="ansible-option-cell"><p>If provided, will request the order to replace the certificate identified by this certificate ID according to <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-5">Section 5 of RFC 9773</a>.</p>
<p>This certificate ID must be computed as specified in <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-4.1">Section 4.1 of RFC 9773</a>. It is returned as return value <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="acme_certificate_renewal_info_module.html#ansible-collections-community-crypto-acme-certificate-renewal-info-module-return-cert-id"><span class="std std-ref"><span class="pre">cert_id</span></span></a></code> of the <a class="reference internal" href="acme_certificate_renewal_info_module.html#ansible-collections-community-crypto-acme-certificate-renewal-info-module"><span class="std std-ref">community.crypto.acme_certificate_renewal_info</span></a> module.</p>
<p>ACME servers might refuse to create new orders that indicate to replace a certificate for which an active replacement order already exists. This can happen if this module is used to create an order, and then the playbook/role fails in case the challenges cannot be set up. If the playbook/role does not record the order data to continue with the existing order, but tries to create a new one on the next run, creating the new order might fail. If <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=fail</span></span></a></code> this will make the module fail. <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=auto</span></span></a></code> and <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=retry_without_replaces_cert_id</span></span></a></code> will avoid this by leaving away <code class="docutils literal notranslate"><span class="pre">replaces</span></code> on retries.</p>
<p>If <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-order-create-module-parameter-order-creation-error-strategy"><span class="std std-ref"><span class="pre">order_creation_error_strategy=fail</span></span></a></code>, for the above reason, this option should only be used if the role/playbook using it keeps track of order data accross restarts, or if it takes care to deactivate orders whose processing is aborted. Orders can be deactivated with the <a class="reference internal" href="acme_certificate_deactivate_authz_module.html#ansible-collections-community-crypto-acme-certificate-deactivate-authz-module"><span class="std std-ref">community.crypto.acme_certificate_deactivate_authz</span></a> module.</p>
</div></td>
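Review bot: the context paragraph below the two changed lines carries the typo "accross" ("keeps track of order data accross restarts"); worth fixing in the source documentation while this option's description is being touched. The two link updates are consistent with each other (Section 5 for the replacement request, Section 4.1 for the certificate ID).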


@@ -799,8 +799,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<div class="ansibleOptionAnchor" id="return-order/replaces"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-order-info-module-return-order-replaces"><strong>replaces</strong></p>
<a class="ansibleOptionLink" href="#return-order/replaces" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>If the order was created to replace an existing certificate using the <code class="docutils literal notranslate"><span class="pre">replaces</span></code> mechanism from <a class="reference external" href="https://datatracker.ietf.org/doc/draft-ietf-acme-ari/">draft-ietf-acme-ari</a>, this provides the certificate ID of the certificate that will be replaced by this order.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> when the certificate order is replacing a certificate through draft-ietf-acme-ari</p>
<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>If the order was created to replace an existing certificate using the <code class="docutils literal notranslate"><span class="pre">replaces</span></code> mechanism from <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html">RFC 9773</a>, this provides the certificate ID of the certificate that will be replaced by this order.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> when the certificate order is replacing a certificate through RFC 9773</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
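Review bot: the replaces return value now links to the top of RFC 9773, whereas the replaces_cert_id option describes the same mechanism with a link to Section 5. Suggest linking to #section-5 here as well so both descriptions send readers to the same text.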


@@ -208,7 +208,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>Uses various information to determine whether a certificate should be renewed or not.</p></li>
<li><p>If available, the ARI extension (ACME Renewal Information, <a class="reference external" href="https://datatracker.ietf.org/doc/draft-ietf-acme-ari/">https://datatracker.ietf.org/doc/draft-ietf-acme-ari/</a>) is used. This module implements version 3 of the ARI draft.”.</p></li>
<li><p>If available, the ARI extension (ACME Renewal Information, <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html">RFC 9773</a>) is used.</p></li>
</ul>
</section>
<section id="requirements">
@@ -262,7 +262,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<a class="ansibleOptionLink" href="#parameter-ari_algorithm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>If ARI information is used, selects which algorithm is used to determine whether to renew now.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">standard</span></code> selects the <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#name-renewalinfo-objects">algorithm provided in the the ARI specification</a>.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">standard</span></code> selects the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2">algorithm provided in the the ARI specification</a>.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">start</span></code> returns <code class="ansible-return-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-renewal-info-module-return-should-renew"><span class="std std-ref"><span class="pre">should_renew=true</span></span></a></code> once the start of the renewal interval has been reached.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
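Review bot: the updated line for the standard choice keeps the duplicated word in "algorithm provided in the the ARI specification". Since the line is being rewritten anyway, change it to "in the ARI specification", or use "Section 4.2 of RFC 9773" as the link text like the other references in this commit.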
@@ -479,7 +479,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<div class="ansibleOptionAnchor" id="return-cert_id"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-renewal-info-module-return-cert-id"><strong>cert_id</strong></p>
<a class="ansibleOptionLink" href="#return-cert_id" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The certificate ID according to the <a class="reference external" href="https://www.ietf.org/archive/id/draft-ietf-acme-ari-03.html#section-4.1">ARI specification</a>.</p>
<td><div class="ansible-option-cell"><p>The certificate ID according to <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc9773.html#section-4.1">Section 4.1 in RFC 9773</a>.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success, the certificate exists, and has an Authority Key Identifier X.509 extension</p>
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">&quot;aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE&quot;</span></code></p>
</div></td>
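Review bot: the cert_id description says "Section 4.1 in RFC 9773", while the replaces_cert_id option uses "Section 4.1 of RFC 9773" for the same link. Suggest using one wording in both places.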

File diff suppressed because one or more lines are too long