damex.cloudflare.cloudflare_acme role – Ensure Cloudflare ACME.

Note

This role is part of the damex.cloudflare collection (version 1.0.6).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.cloudflare.

To use it in a playbook, specify: damex.cloudflare.cloudflare_acme.

Entry point main – Ensure Cloudflare ACME.

Synopsis

  • Ensure Cloudflare ACME certificates using Let’s Encrypt DNS challenge.

Parameters

Parameter

Comments

cloudflare_acme_account_email

string

ACME account email.

cloudflare_acme_account_key_file

path

ACME account key file.

cloudflare_acme_account_key_passphrase

string

ACME account key passphrase.

cloudflare_acme_api_version

integer

ACME protocol version.

cloudflare_acme_certificate_directory

string / required

Certificate directory.

cloudflare_acme_certificate_remaining_days

integer

Minimum certificate remaining days before renewal.

cloudflare_acme_challenge_retries

integer

ACME challenge retries.

cloudflare_acme_cloudflare_account_api_key

string

Cloudflare account API key.

cloudflare_acme_cloudflare_account_email

string

Cloudflare account email.

cloudflare_acme_cloudflare_api_token

string

Cloudflare API token.

cloudflare_acme_deactivate_authzs

boolean

ACME authorization deactivation after challenge.

Choices:

  • false

  • true

cloudflare_acme_directory_url

string

ACME directory URL.

cloudflare_acme_terms_agreed

boolean

ACME terms of service agreement.

Choices:

  • false

  • true

cloudflare_acme_user

string

Certificate file owner.

cloudflare_acme_zones

list / elements=dictionary / required

Zones to issue certificates for.

cloudflare_account_api_key

string

Cloudflare account API key.

cloudflare_account_email

string

Cloudflare account email.

cloudflare_api_token

string

Cloudflare API token.

domains

list / elements=dictionary / required

Certificate domains.

deactivate_authzs

boolean

ACME authorization deactivation after challenge.

Choices:

  • false

  • true

name

string / required

Primary domain name.

names

list / elements=string

Subject alternative names.

name

string / required

Zone domain name.

Examples

- name: Ensure cloudflare acme
  hosts: all
  tasks:
    - name: Ensure cloudflare acme
      ansible.builtin.import_role:
        name: damex.cloudflare.cloudflare_acme
      vars:
        cloudflare_acme_account_email: user@example.com
        cloudflare_acme_certificate_directory: /etc/ssl/acme
        cloudflare_acme_cloudflare_api_token: "{{ cloudflare_api_token }}"
        cloudflare_acme_zones:
          - name: example.com
            domains:
              - name: example.com
                names:
                  - www.example.com