DEV Community

Athreya aka Maneshwar

SSL with Ansible: Automate Let’s Encrypt via geerlingguy.certbot

Hello, I'm Maneshwar. I'm building git-lrc, an AI code reviewer that runs on every commit. It is free, unlimited, and source-available on GitHub. Star us to help developers discover the project, give it a try, and share your feedback so we can improve it.


---

# TLS with Ansible: Automate Let’s Encrypt via `geerlingguy.certbot`

Yesterday, we automated syncing NGINX config files using Ansible. Today, we’ll crank it up a notch — let’s auto-provision SSL certificates with Let’s Encrypt using a battle-tested community role.

No more Certbot copy-paste rituals.

No more forgetting cron jobs. Ansible’s got your back.

✋ What’s a “role” again?

Roles in Ansible are reusable chunks of automation.

Think of them like npm packages, but for infrastructure.

They organize tasks, variables, files, templates, etc., into a standard structure.

You just plug them into your playbook.

We’re using two roles here:

Setup requirements.yml

Here’s how you declare role dependencies:

```yaml
# requirements.yml
roles:
  - src: geerlingguy.nginx
  - src: geerlingguy.certbot

collections:
  - name: community.general
```

Install them:

```bash
ansible-galaxy install -r requirements.yml
```

Update Folder Structure

We're adding 3 new task files under the same role:

```
roles/
└─ nginx-conf-sync/
   └─ tasks/
      ├─ ensure-sites-enabled-included.yml
      ├─ install-cron.yml
      ├─ certbot-setup-playbook.yml
      ├─ restart-nginx.yml
      ├─ create-nginx-confs.yml
      └─ main.yml
```

Updated main.yml in tasks

```yaml
- import_tasks: ensure-sites-enabled-included.yml
- import_tasks: create-nginx-confs.yml
- import_tasks: install-cron.yml
- import_tasks: certbot-setup-playbook.yml
- import_tasks: restart-nginx.yml
```

install-cron.yml

```yaml
- name: Ensure cron is installed
  apt:
    name: cron
    state: present
    update_cache: yes
```

certbot-setup-playbook.yml

```yaml
- name: Setup Let's Encrypt certificates using Certbot
  include_role:
    name: geerlingguy.certbot
  vars:
    certbot_admin_email: shrijith@hexmos.com
    certbot_create_if_missing: true
    certbot_create_method: standalone
    # standalone binds port 80 for the HTTP-01 challenge, so NGINX is stopped
    # while each certificate is issued and started again afterwards
    certbot_create_standalone_stop_services:
      - nginx
    # one single-domain cert per entry in nginx_conf_domains; the backreference is
    # written \\1 because Jinja2 unescapes string literals before regex_replace runs
    certbot_certs: >-
      {{ nginx_conf_domains
         | map('regex_replace', '^(.*)$', '{ "domains": ["\\1"] }')
         | map('from_yaml')
         | list }}
```

🔎 This dynamic Jinja2 expression auto-generates a list of domain objects for the role, like:

```yaml
certbot_certs:
  - domains: ["blog.dev.to"]
  - domains: ["api.dev.to"]
```
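The same domain-to-`certbot_certs` transformation in plain Python, as an added example that is not part of the original post or the role, so the domain list can be validated before the playbook runs: it rejects malformed and duplicate names and refuses wildcard names under `standalone`/`webroot`, where the HTTP-01 challenge cannot issue them. The `create_method="dns"` value is a hypothetical label for a DNS-01 setup, not a `geerlingguy.certbot` option; the sample domains are constructed.

```python
"""Validate the domain list before it becomes certbot_certs (added example, stdlib only)."""
import json
import re

# RFC 1123 label: 1-63 alphanumerics or hyphens, no leading or trailing hyphen
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    """True for a fully qualified host name; wildcards are handled by the caller."""
    if not name or len(name) > 253 or name.endswith("."):
        return False
    labels = name.split(".")
    # Let's Encrypt will not issue for single-label names such as "localhost"
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def build_certbot_certs(domains, create_method="standalone"):
    """Return the certbot_certs list the role expects: one {"domains": [...]} per name.

    Mirrors the playbook's Jinja2 regex_replace/from_yaml expression but fails early,
    before certbot runs on the host, on malformed or duplicate names and on wildcard
    names under standalone/webroot (HTTP-01 cannot issue wildcards; they need DNS-01,
    and "dns" below is a hypothetical value, not a geerlingguy.certbot create method).
    """
    seen, certs = set(), []
    for raw in domains:
        domain = raw.strip().lower()
        if domain in seen:
            raise ValueError(f"duplicate domain: {domain}")
        seen.add(domain)
        is_wildcard = domain.startswith("*.")
        if not is_valid_hostname(domain[2:] if is_wildcard else domain):
            raise ValueError(f"invalid hostname: {domain}")
        if is_wildcard and create_method in ("standalone", "webroot"):
            raise ValueError(f"{domain}: wildcard needs DNS-01, not {create_method}")
        certs.append({"domains": [domain]})
    return certs


def as_yaml(certs) -> str:
    """Render as JSON, which is valid YAML, so it can be pasted into a vars file."""
    return json.dumps({"certbot_certs": certs}, indent=2)


if __name__ == "__main__":
    # constructed sample input with the same shape as nginx_conf_domains
    print(as_yaml(build_certbot_certs(["blog.dev.to", "api.dev.to"])))
```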

restart-nginx.yml

```yaml
# nginx -t only validates the config; it never changes state, so don't report "changed"
- name: Test NGINX configuration
  command: nginx -t
  changed_when: false

- name: Reload nginx
  service:
    name: nginx
    state: reloaded

# use the service module with become rather than shelling out to sudo, which
# depends on passwordless sudo for the SSH user and bypasses Ansible's privilege handling
- name: Restart NGINX
  service:
    name: nginx
    state: restarted
  become: true
```

Run it all

```bash
ansible-playbook -i hosts.ini nginx-conf-sync-playbook.yml -v
```

And you’ve got HTTPS in one command. 🎉

Bonus: Role Customization 101

The geerlingguy.certbot role is highly customizable.

| Variable | What It Does |
|---|---|
| `certbot_install_method` | Install via package, snap, or source. |
| `certbot_auto_renew` | Enables daily renewal via cron. |
| `certbot_auto_renew_hour` / `certbot_auto_renew_minute` | Controls when the renewal happens. |
| `certbot_testmode` | Set `true` for a dry run against the Let's Encrypt staging environment. |
| `certbot_create_method` | Use `standalone` or `webroot`. |
| `certbot_certs` | A list of domain sets to generate certs for. |

Pro Tip: You can generate certs even for wildcard domains or configure HSTS via certbot_hsts: true.

Use the community-built geerlingguy.certbot role to automate HTTPS for all your NGINX sites. Hook it up with your Ansible role, drop in a few lines, and you're done.

Infrastructure as code isn’t just for big teams. It’s for anyone who values their weekend.



Top comments (1)

Dotallio

Love how clear and actionable this process is, honestly feels like reclaiming my weekends. Have you run into any tricky edge cases automating certs across multiple environments?
