internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 05:12:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: ddbcf49868

Browse Source
This commit is contained in:
felixfontein
2024-12-28 16:09:17 +00:00
parent 448fad1fe0
commit eb959c32be
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
branch/main/acme_certificate_module.html
View File

@@ -204,7 +204,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<ul class="simple">
<li><p>Create and renew SSL/TLS certificates with a CA supporting the <a class="reference external" href="https://tools.ietf.org/html/rfc8555">ACME protocol</a>, such as <a class="reference external" href="https://letsencrypt.org/">Lets Encrypt</a> or <a class="reference external" href="https://www.buypass.com/">Buypass</a>. The current implementation supports the <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p></li>
<li><p>To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-data"><span class="std std-ref"><span class="pre">data</span></span></a></strong></code>.</p></li>
<li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> the necessary dns record has to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
<li><p>Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> that means creating the necessary challenge file on the destination webserver. For <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> the necessary DNS record has to be created. For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> the necessary certificate has to be created and served. It is <em>not</em> the responsibility of this module to perform these steps.</p></li>
<li><p>For details on how to fulfill these challenges, you might have to read through <a class="reference external" href="https://tools.ietf.org/html/rfc8555#section-8">the main ACME specification</a> and the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">TLS-ALPN-01 specification</a>. Also, consider the examples provided for this module.</p></li>
<li><p>The module includes experimental support for IP identifiers according to the <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8738.html">RFC 8738</a>.</p></li>
</ul>