Hello, I'm Maneshwar. I'm currently building FreeDevTools online, **one place for all dev tools, cheat codes, and TLDRs**, a free, open-source hub where developers can quickly find and use tools without the hassle of searching all over the internet.
---
# TLS with Ansible: Automate Let’s Encrypt via `geerlingguy.certbot`
Yesterday, we automated syncing NGINX config files using Ansible. Today, we’ll crank it up a notch — let’s auto-provision SSL certificates with Let’s Encrypt using a battle-tested community role.
No more Certbot copy-paste rituals.
No more forgetting cron jobs. Ansible’s got your back.
## ✋ What’s a “role” again?
Roles in Ansible are reusable chunks of automation.
Think of them like npm packages, but for infrastructure.
They organize tasks, variables, files, templates, etc., into a standard structure.
You just plug them into your playbook.
We’re using two roles here:

- `geerlingguy.certbot`: Automates Certbot installation, renewal, and cert generation.
- `geerlingguy.nginx`: Optional, for managing NGINX itself if you want to go full infra-as-code.
## Setup `requirements.yml`

Here’s how you declare role dependencies:

```yaml
# requirements.yml
roles:
  - src: geerlingguy.nginx
  - src: geerlingguy.certbot

collections:
  - name: community.general
```

Install them:

```bash
ansible-galaxy install -r requirements.yml
```
## Update Folder Structure

We're adding 3 new task files under the same role:

```
roles/
└─ nginx-conf-sync/
   └─ tasks/
      ├─ ensure-sites-enabled-included.yml
      ├─ install-cron.yml
      ├─ certbot-setup-playbook.yml
      ├─ restart-nginx.yml
      ├─ create-nginx-confs.yml
      └─ main.yml
```
### Updated `main.yml` in `tasks`

```yaml
- import_tasks: ensure-sites-enabled-included.yml
- import_tasks: create-nginx-confs.yml
- import_tasks: install-cron.yml
- import_tasks: certbot-setup-playbook.yml
- import_tasks: restart-nginx.yml
```
### `install-cron.yml`

```yaml
- name: Ensure cron is installed
  apt:
    name: cron
    state: present
    update_cache: yes
```
### `certbot-setup-playbook.yml`

```yaml
- name: Setup Let's Encrypt certificates using Certbot
  include_role:
    name: geerlingguy.certbot
  vars:
    certbot_admin_email: shrijith@hexmos.com
    certbot_create_if_missing: true
    certbot_create_method: standalone
    # Standalone mode binds port 80 itself, so NGINX is stopped for the challenge.
    certbot_create_standalone_stop_services:
      - nginx
    # Build one { domains: [...] } entry per name in nginx_conf_domains.
    # The backreference is written \\1 because Jinja2 unescapes string
    # literals before regex_replace ever sees them.
    certbot_certs: >-
      {{ nginx_conf_domains
         | map('regex_replace', '^(.*)$', '{ "domains": ["\\1"] }')
         | map('from_yaml') | list }}
```
🔎 This dynamic Jinja2 expression auto-generates a list of domain objects for the role, like:

```yaml
certbot_certs:
  - domains: ["blog.dev.to"]
  - domains: ["api.dev.to"]
```
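To see what that list turns into before a play touches a host, here is an added example (not code from the post or from the `geerlingguy.certbot` role): it reproduces the transformation in plain Python, then adds the checks a practitioner would want, since the standalone and webroot methods use the HTTP-01 challenge and cannot issue wildcard names. `render_certonly` is an approximation of the command the role runs, and `admin@example.com` plus the `*.dev.to` entry are constructed sample values.

```python
import re

# Wildcard is only meaningful as the leftmost label; hostname labels per RFC 1123.
WILDCARD = re.compile(r"^\*\.")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def build_certbot_certs(nginx_conf_domains):
    """Plain-Python twin of the map/regex_replace/from_yaml chain in the task above."""
    return [{"domains": [name]} for name in nginx_conf_domains]


def validate_cert_item(item, create_method):
    """Return the problems found for one certbot_certs entry (empty list = usable)."""
    problems = []
    for name in item["domains"]:
        labels = WILDCARD.sub("", name).split(".")
        if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
            problems.append(f"{name}: not a valid hostname")
        # Let's Encrypt issues wildcard certificates only through the DNS-01
        # challenge; standalone and webroot both use HTTP-01 and will fail.
        if WILDCARD.match(name) and create_method in ("standalone", "webroot"):
            problems.append(f"{name}: wildcard needs a DNS challenge, not {create_method}")
    return problems


def render_certonly(item, email, create_method, testmode=False, hsts=False):
    """Approximation (an assumption, not the role's exact template) of the
    certbot certonly command the role runs for one entry."""
    cmd = ["certbot", "certonly", f"--{create_method}"]
    if hsts:
        cmd.append("--hsts")
    if testmode:
        cmd.append("--test-cert")  # staging CA: no rate limits, untrusted chain
    cmd += ["--noninteractive", "--agree-tos", "--email", email]
    cmd += ["-d", ",".join(item["domains"])]
    return cmd


if __name__ == "__main__":
    # Constructed sample: the post's two hosts plus a wildcard that standalone cannot issue.
    nginx_conf_domains = ["blog.dev.to", "api.dev.to", "*.dev.to"]
    for item in build_certbot_certs(nginx_conf_domains):
        problems = validate_cert_item(item, "standalone")
        if problems:
            print("SKIP", item["domains"], problems)
        else:
            print("RUN ", " ".join(render_certonly(item, "admin@example.com", "standalone")))
```

Running it with `certbot_testmode: true` semantics (`testmode=True`) adds `--test-cert`, which is the safe way to rehearse the play against the staging CA without burning production rate limits.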
### `restart-nginx.yml`

```yaml
# Validate the config first so a bad vhost never takes the site down.
- name: Test NGINX configuration
  command: nginx -t
  become: true

- name: Reload nginx
  service:
    name: nginx
    state: reloaded
  become: true

- name: Restart NGINX
  command: systemctl restart nginx
  become: true
```
## Run it all

```bash
ansible-playbook -i hosts.ini nginx-conf-sync-playbook.yml -v
```
And you’ve got HTTPS in one command. 🎉
## Bonus: Role Customization 101

The `geerlingguy.certbot` role is highly customizable.

| Variable | What It Does |
|---|---|
| `certbot_install_method` | Install via `package`, `snap`, or `source`. |
| `certbot_auto_renew` | Enables daily renewal via cron. |
| `certbot_auto_renew_hour` / `certbot_auto_renew_minute` | Controls when the renewal happens. |
| `certbot_testmode` | Set `true` for a dry run against the Let's Encrypt staging environment. |
| `certbot_create_method` | Use `standalone` or `webroot`. |
| `certbot_certs` | A list of domain sets to generate certs for. |
Pro Tip: You can generate certs even for wildcard domains or configure HSTS via `certbot_hsts: true`.
Use the community-built `geerlingguy.certbot` role to automate HTTPS for all your NGINX sites. Hook it up with your Ansible role, drop in a few lines, and you're done.
Infrastructure as code isn’t just for big teams. It’s for anyone who values their weekend.
I’ve been building FreeDevTools.
A collection of UI/UX-focused tools crafted to simplify workflows, save time, and reduce friction in searching tools/materials.
Any feedback or contributors are welcome!
It’s online, open-source, and ready for anyone to use.
👉 Check it out: FreeDevTools
⭐ Star it on GitHub: freedevtools
Let’s make it even better together.
Top comments (1)
Love how clear and actionable this process is, honestly feels like reclaiming my weekends. Have you run into any tricky edge cases automating certs across multiple environments?