---
certbot_packages_extra: []

certbot_initial_run_enabled: False
certbot_work_dir: /var/lib/letsencrypt
certbot_config_dir: /etc/letsencrypt
certbot_log_dir: /var/log/letsencrypt
certbot_plugin_dir: /etc/letsencrypt/plugins
certbot_environment:
  - { name: "{{ certbot_work_dir }}", mode: '0755' }
  - { name: "{{ certbot_config_dir }}", mode: '0755' }
  - { name: "{{ certbot_log_dir }}", mode: '0700' }
  - { name: "{{ certbot_plugin_dir }}",  mode: '0755' }
certbot_user: root

certbot_preferred_challenges: dns
certbot_server: https://acme-v02.api.letsencrypt.org/directory
certbot_email: mail@example.com
certbot_rsa_key_size: 4096
certbot_domains:
  - example.com

certbot_command_arguments:
  - "certonly"
  - "--agree-tos"
  - "--manual"
  - "--manual-auth-hook /path/to/authenticator.py"
  - "--manual-cleanup-hook /path/to/cleanup.py"
  - "--manual-public-ip-logging-ok"
  - "-n"
  - "-d {{ certbot_domains | join(',') }}"

# enable scheduling via cron
certbot_scheduler_enabled: True

# Use a file under /etc/cron.d
# Works onyl if certbot_user is root
# certbot_cronfile: certbot-letsencrypt

# Setup manual auth for core-networks api
certbot_core_networks_plugin_enabled: False
certbot_core_networks_plugin_repo: https://git.rknet.org/xoxys/certbot_dns_corenetworks.git
certbot_core_networks_base_dir: "{{ certbot_plugin_dir }}/certbot_dns_corenetworks"
certbot_core_networks_plugin_version: master
certbot_core_networks_api_host: https://beta.api.core-networks.de/
certbot_core_networks_api_user: myuser
certbot_core_networks_api_password: secure
certbot_core_networks_dns_zone: mydomain.com
certbot_core_networks_log_level: error