Hi, you cannot use http-01 challenges for wildcard certificates. You need to use the dns-01 challenge type for that. (This is a policy decision by Let's Encrypt.)
How that works depends on how your DNS is set up. Ansible needs to be able to create/update the DNS TXT record _acme_challenge.domain.name for this. (If you feel uncomfortable giving Let's Encrypt access to it, you can also use a CNAME record and use https://github.com/joohoi/acme-dns. Haven't tried that with Ansible though.)

> <https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04>

Interesting, I haven't seen that. One remark: you should change the step which creates the http-01 challenge files slightly by adding

    when: item in acme_challenge_your_domain['challenge_data']

to it. (Also see the examples in the module docs: https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#examples)

> Obviously... You can't name a file with a '*' in its name.

Actually, you can; you can even have a newline in a filename. But that's never a good idea ;-) And won't help you here, since you can't get wildcard certificates with the http-01 challenge.

Cheers,
Felix
