---
title: certbot
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.certbot) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.certbot?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.certbot) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) 

Setup [certbot](https://certbot.eff.org/) Let's Encrypt client.

* [Default Variables](#default-variables)
  * [certbot_bin](#certbot_bin)
  * [certbot_command_arguments](#certbot_command_arguments)
  * [certbot_config_dir](#certbot_config_dir)
  * [certbot_credentials](#certbot_credentials)
  * [certbot_cron_enabled](#certbot_cron_enabled)
  * [certbot_cron_file](#certbot_cron_file)
  * [certbot_cron_hour](#certbot_cron_hour)
  * [certbot_cron_minute](#certbot_cron_minute)
  * [certbot_domain_groups](#certbot_domain_groups)
  * [certbot_email](#certbot_email)
  * [certbot_log_dir](#certbot_log_dir)
  * [certbot_packages_extra](#certbot_packages_extra)
  * [certbot_pip](#certbot_pip)
  * [certbot_preferred_challenges](#certbot_preferred_challenges)
  * [certbot_rsa_key_size](#certbot_rsa_key_size)
  * [certbot_server](#certbot_server)
  * [certbot_user](#certbot_user)
  * [certbot_work_dir](#certbot_work_dir)
* [Dependencies](#dependencies)

---

## Default Variables

### certbot_bin

Location of the certbot binary. Default is to `~/.local/.bin/certbot`.

### certbot_command_arguments

#### Default value

```YAML
certbot_command_arguments:
  - certonly
```

### certbot_config_dir

#### Default value

```YAML
certbot_config_dir: /etc/letsencrypt
```

### certbot_credentials

Specify key value parairs for your credentials (e.g. plugin credentials). The credentials will be saved to `{{ certbot_config_dir }}/credentials.ini and you could add the path to `certbot_command_arguments` if required.

#### Default value

```YAML
certbot_credentials: []
```

### certbot_cron_enabled

Enable scheduling via cron.

#### Default value

```YAML
certbot_cron_enabled: true
```

### certbot_cron_file

Use a file under /etc/cron.d but this will only work if `certbot_user`

#### Default value

```YAML
certbot_cron_file: _unset_
```

#### Example usage

```YAML
certbot-letsencrypt
```

### certbot_cron_hour

#### Default value

```YAML
certbot_cron_hour: '3'
```

### certbot_cron_minute

#### Default value

```YAML
certbot_cron_minute: '30'
```

### certbot_domain_groups

#### Default value

```YAML
certbot_domain_groups:
  - name: example
    domains:
      - '*.example.com'
      - example.com
    init: false
```

### certbot_email

#### Default value

```YAML
certbot_email: mail@example.com
```

### certbot_log_dir

#### Default value

```YAML
certbot_log_dir: /var/log/letsencrypt
```

### certbot_packages_extra

Extra packages to install with pip (e.g. DNS plugins).

#### Default value

```YAML
certbot_packages_extra: []
```

### certbot_pip

#### Default value

```YAML
certbot_pip: pip{{ ansible_python.version.major }}
```

### certbot_preferred_challenges

#### Default value

```YAML
certbot_preferred_challenges: dns
```

### certbot_rsa_key_size

#### Default value

```YAML
certbot_rsa_key_size: 4096
```

### certbot_server

#### Default value

```YAML
certbot_server: https://acme-v02.api.letsencrypt.org/directory
```

### certbot_user

#### Default value

```YAML
certbot_user: root
```

### certbot_work_dir

#### Default value

```YAML
certbot_work_dir: /var/lib/letsencrypt
```

## Dependencies

None.