Add LetsEncrypt roles for webserver use.

ubuntu/roles/letsencrypt/files/letsencrypt-renew

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+letsencrypt renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
+

ubuntu/roles/letsencrypt/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart cron
+  service: name=cron state=restarted

ubuntu/roles/letsencrypt/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Install LetsEncrypt client
+  apt: name=letsencrypt state=latest
+
+- name: Generate LetsEncrypt TLS certificates
+  shell: letsencrypt certonly -n -m "letsencrypt@sadiqsaif.ca" --agree-tos --standalone -d {{ item }}
+  with_items:
+     - asininetech.com
+     - entropynet.net
+     - i.asininetech.com
+     - sadiqsaif.ca
+     - staticsafe.ca
+     - twoshadesofbrown.com
+     - wiki.staticsafe.ca
+
+- name: Add a cron job to automatically renew LetsEncrypt certificates
+  copy: src=letsencrypt-renew dest=/etc/cron.daily/letsencrypt-renew mode=0700
+  notify:
+  - restart cron
+

ubuntu/site.yml

@@ -14,6 +14,13 @@
   roles:
     - php
 
+- name: Generate LE certs on required servers
+  hosts: webservers
+  user: root
+  
+  roles:
+    - letsencrypt
+
 - hosts: webservers
 
   roles: