If you are a system administrator responsible for managing hundreds or thousands of servers, you may often need to install Let’s Encrypt SSL on multiple websites. Installing Let’s Encrypt SSL on multiple websites manually is a very lengthy process and not suitable for a lazy system admin. This is where Ansible comes into the picture.
Ansible is a powerful IT automation tool that allows you to automate repetitive tasks in your environment. You could write an Ansible playbook to get this done in a minute and simply invoke the playbook every time you wish to install Let’s Encrypt SSL on websites.
In this tutorial, we will learn how to install Let’s Encrypt SSL on multiple domains using Ansible on Ubuntu 20.04.
Prerequisites
- One Ansible control node: A server running CentOS 8 with Ansible installed and configured. To set up Ansible, please follow my guide on How to Install and Setup Ansible.
- Two Ansible Target hosts: Two working websites hosted with the LAMP stack on Ubuntu 20.04 servers.
- A valid domain name pointed to each server's IP address. In this tutorial, we will use web1.linuxbuz.com and web2.linuxbuz.com for the two websites.
Create an Inventory File
You will need to create an inventory file to define the IP address and SSH credentials of both Target hosts.
First, create a directory for your project on the Ansible controller node.

    mkdir letsencrypt

Next, create an inventory file inside the letsencrypt directory:

    nano letsencrypt/inventory.txt

Add the following lines:

    host1 ansible_host=192.168.0.10 ansible_user=root ansible_ssh_pass=password
    host2 ansible_host=192.168.0.11 ansible_user=root ansible_ssh_pass=password

Save and close the file when you are finished.
Where:
- ansible_host is the IP address of the Target host.
- ansible_user is the root user of the Target host.
- ansible_ssh_pass is the password of the root user on the Target host.
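
An added example, not part of the original tutorial: the same two hosts in a YAML inventory that logs in with an SSH key as an unprivileged user and keeps the sudo password in an Ansible Vault file instead of plain text in the inventory. The user name deploy, the key path, the file names and the variable vault_become_password are assumptions.

```yaml
# letsencrypt/inventory.yml (added example; names below are assumptions)
all:
  hosts:
    host1:
      ansible_host: 192.168.0.10
    host2:
      ansible_host: 192.168.0.11
  vars:
    # Unprivileged login account (assumed name) instead of root.
    ansible_user: deploy
    # Key-based SSH authentication; no password is stored in the inventory.
    ansible_ssh_private_key_file: ~/.ssh/ansible_ed25519
    # Escalate with sudo for the apt, certbot and cron tasks.
    ansible_become: true
    # Resolved at run time from the vault-encrypted file below.
    ansible_become_password: "{{ vault_become_password }}"
---
# letsencrypt/group_vars/all/vault.yml
# Create it encrypted with:  ansible-vault create group_vars/all/vault.yml
# The plaintext content of that file is a single variable:
vault_become_password: "REPLACE_WITH_SUDO_PASSWORD"  # placeholder value
# Run the playbook with the vault password prompt:
#   ansible-playbook playbook.yml -i inventory.yml --ask-vault-pass
```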
Define a Variable
Next, you will need to define variables to store your domain names, the Let’s Encrypt plugin information and a valid email address.
First, create a directory for variables inside your project directory:

    mkdir letsencrypt/vars

Next, create a file named default.yml to define variables:

    nano letsencrypt/vars/default.yml

Add the following lines:

    certbot_site_names: {
      host1: "web1.linuxbuz.com",
      host2: "web2.linuxbuz.com",
    }

    certbot_package: "python3-certbot-apache"
    certbot_plugin: "apache"
    certbot_mail_address: [email protected]

Save and close the file when you are finished.
Where:
- certbot_site_names: FQDN of each website on which you want to install Let’s Encrypt SSL, keyed by inventory host name.
- certbot_package: Package name of the Certbot client.
- certbot_plugin: Name of the Certbot plugin.
- certbot_mail_address: Valid email address.
Note: Replace apache with nginx if your websites are hosted on the Nginx server.
Create a Playbook to Install Let’s Encrypt SSL
Next, you will need to create a playbook inside your project directory to install Let’s Encrypt SSL on both websites.
This playbook will perform the following tasks.
- Install Python dependencies.
- Install the Certbot package.
- Generate Let’s Encrypt SSL and configure Apache to use that SSL.
- Set Letsencrypt Cronjob for Certificate Auto-Renewal.
To create the main playbook, run the following command:

    nano letsencrypt/playbook.yml

Add the following lines:

    - hosts: all
      vars_files:
        - vars/default.yml

      tasks:
        - name: Install Python Package
          apt: name=python3 update_cache=yes state=latest

        - name: Install Let's Encrypt Package
          apt: name={{ certbot_package }} update_cache=yes state=latest

        - name: Create and Install Cert Using {{ certbot_plugin }} Plugin
          command: "certbot --{{ certbot_plugin }} -d {{ certbot_site_names[inventory_hostname_short] }} -m {{ certbot_mail_address }} --agree-tos --noninteractive --redirect"

        - name: Set Letsencrypt Cronjob for Certificate Auto Renewal
          cron: name=letsencrypt_renewal special_time=monthly job="/usr/bin/certbot renew"
          when: ansible_facts['os_family'] == "Debian"

Save and close the file when you are finished.
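
An added example, not the original playbook: a variant of the tasks above that fails early when a host has no entry in certbot_site_names, passes the certbot arguments as a list, skips issuance when a certificate already exists, and confirms that unattended renewal works. It reuses the variables from vars/default.yml; the helper variable site is an assumption, and the creates path is certbot's default certificate location.

```yaml
- hosts: all
  vars_files:
    - vars/default.yml
  vars:
    # Hypothetical helper variable: the FQDN mapped to this inventory host.
    site: "{{ certbot_site_names[inventory_hostname_short] }}"

  tasks:
    - name: Stop early if this host has no domain in certbot_site_names
      ansible.builtin.assert:
        that:
          - inventory_hostname_short in certbot_site_names
        fail_msg: "No entry for {{ inventory_hostname_short }} in certbot_site_names"

    - name: Install the Certbot package
      ansible.builtin.apt:
        name: "{{ certbot_package }}"
        state: present
        update_cache: true

    - name: Request and install the certificate only if none exists yet
      ansible.builtin.command:
        # List form: each templated value reaches certbot as exactly one
        # argument, so a stray space in a variable cannot add extra options.
        argv:
          - certbot
          - "--{{ certbot_plugin }}"
          - "-d"
          - "{{ site }}"
          - "-m"
          - "{{ certbot_mail_address }}"
          - "--agree-tos"
          - "--noninteractive"
          - "--redirect"
        # certbot's default location; the task is skipped when the file exists,
        # so repeated playbook runs do not request new certificates.
        creates: "/etc/letsencrypt/live/{{ site }}/fullchain.pem"

    - name: Confirm that unattended renewal works
      ansible.builtin.command: certbot renew --dry-run
      changed_when: false
```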
Your final directory structure for Let’s Encrypt project should look like the following:

    /root/letsencrypt/
    |-- inventory.txt
    |-- playbook.yml
    `-- vars
        `-- default.yml

Run Ansible Playbook to Install Let’s Encrypt SSL
I hope you have performed all the above steps correctly. Now, change the directory to your ~/letsencrypt project and run the Ansible playbook with the following command:

    cd ~/letsencrypt
    ansible-playbook playbook.yml -i inventory.txt

This will install Let’s Encrypt SSL on all websites defined in the vars. Once the playbook has been executed successfully, you should get the following output:

    PLAY [all] ************************************************************************************************************************************

    TASK [Gathering Facts] ************************************************************************************************************************
    ok: [host1]
    ok: [host2]

    TASK [Install Python Package] *****************************************************************************************************************
    ok: [host1]
    ok: [host2]

    TASK [Install Let's Encrypt Package] **********************************************************************************************************
    ok: [host1]
    ok: [host2]

    TASK [Create and Install Cert Using Apache Plugin] ********************************************************************************************
    ok: [host1]
    ok: [host2]

    PLAY RECAP ************************************************************************************************************************************
    host1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
    host2 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

You can now access your websites web1.linuxbuz.com and web2.linuxbuz.com securely using the URL https://your-website.com.