We can use a command-line tool offered by Let's Encrypt to get free SSL/TLS certificates in an open, automated manner.
The tool is capable of reading and understanding an nginx virtual host file and generating the relevant certificates completely automatically, without any kind of manual intervention:
```yaml
- name: adding certbot ppa
  apt_repository:
    repo: "ppa:certbot/certbot"

- name: install certbot
  apt:
    name: "{{ item }}"
    update_cache: yes
    state: present
  with_items:
    - python-certbot-nginx

# Skip issuance when a certificate already exists for this domain
- name: check if we have generated a cert already
  stat:
    path: "/etc/letsencrypt/live/{{ website_domain_name }}/fullchain.pem"
  register: cert_stats

# --standalone starts certbot's own temporary web server for the challenge,
# so the port it binds (80 by default) must be free when this task runs.
# command (not shell) keeps the templated values away from shell parsing.
- name: run certbot to generate the certificates
  command: "certbot certonly --standalone -d {{ website_domain_name }} --email {{ service_admin_email }} --non-interactive --agree-tos"
  when: not cert_stats.stat.exists

- name: configuring site files
  template:
    src: website.conf
    ...
```
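The `stat` check in the playbook only tests that `fullchain.pem` exists, so an expired or nearly expired certificate would pass it. The tasks below are an added example, not part of the original playbook: they check the remaining lifetime and renew when needed. They reuse `website_domain_name`; the 30-day threshold, the register names, and a systemd-managed service called `nginx` are assumptions.

```yaml
# Added example (not from the original playbook).
# Intended to run after the issuance task, on a host where the cert
# was obtained with --standalone as in the tasks on this page.

# openssl exits 0 if the cert is still valid 2592000 s (30 days) from now,
# and non-zero if it expires sooner or cannot be read.
- name: check whether the certificate expires within 30 days
  command: >
    openssl x509 -checkend 2592000 -noout
    -in /etc/letsencrypt/live/{{ website_domain_name }}/fullchain.pem
  register: cert_checkend        # assumed register name
  changed_when: false
  failed_when: false             # a non-zero rc is handled by the next task

# Standalone renewals need the challenge port free, so nginx is stopped
# only for the duration of the renewal via certbot's own hooks.
- name: renew the certificate when it is close to expiry
  command: >
    certbot renew --non-interactive
    --pre-hook "systemctl stop nginx"
    --post-hook "systemctl start nginx"
  when: cert_checkend.rc != 0

# Fail the play loudly if renewal did not produce a fresh certificate,
# rather than leaving a soon-to-expire cert in service unnoticed.
- name: verify the certificate is valid for at least 30 more days
  command: >
    openssl x509 -checkend 2592000 -noout
    -in /etc/letsencrypt/live/{{ website_domain_name }}/fullchain.pem
  changed_when: false
  when: cert_checkend.rc != 0
```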