Requires ansible-freebsd-s6 to be applied first.
Define a list of domains to provision certificates for. One certificate may contains Subject Alternative Name (SAN) of which the first Common Name will be used as a primary cert name, for example:
dehydrated_domains: - foo.example.com - example.com *.example.com
In the above example, two certificates will be created:
foo.example.comonly valid for
example.comalso valid for all subdomains under
Configure Lexicon. See also Lexicon documentation. For example:
dehydrated_lexicon_config: PROVIDER: cloudflare LEXICON_CLOUDFLARE_AUTH_TOKEN: replacement LEXICON_CLOUDFLARE_ZONE_ID: replaceme
dehydrated_logger: | #!/usr/local/bin/execlineb -P s6-log -b n10 s1000000 t !"gzip -nq9" /var/log/dehydrated/
Configure a Dehydrated logger. See also s6-log.
Command to run after Dehydrated successfully provisioned a certificate. This command will be run as root in a POSIX shell. Useful for reloading a web server, e.g.
dehydrated_postcmds: - s6-svc -h /var/service/nginx
Use Let's Encrypt staging environment instead of production. Useful for testing.