xoxys.certbot/defaults/main.yml

---
certbot_work_dir: /var/lib/letsencrypt
certbot_config_dir: /etc/letsencrypt
certbot_log_dir: /var/log/letsencrypt
certbot_environment:
  - { name: "{{ certbot_work_dir }}", mode: '0755' }
  - { name: "{{ certbot_config_dir }}", mode: '0755' }
  - { name: "{{ certbot_log_dir }}", mode: '0700' }
certbot_user: root

certbot_preferred_challenges: dns
certbot_server: https://acme-v02.api.letsencrypt.org/directory
certbot_email: mail@example.com
certbot_rsa_key_size: 4096
certbot_domains:
  - example.com

certbot_command_arguments:
  - "certonly"
  - "--agree-tos"
  - "--manual"
  - "--manual-auth-hook /path/to/authenticator.py"
  - "--manual-cleanup-hook /path/to/cleanup.py"
  - "--manual-public-ip-logging-ok"
  - "-n"
  - "-d {{ certbot_domains | join(',') }}"

# Use a file under /etc/cron.d
# Works onyl if certbot_user is root
# certbot_cronfile: certbot-letsencrypt