[certbot] Configure certbot

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2

@@ -0,0 +1,28 @@
+{{ ansible_header | comment(decoration='# ') }}
+
+# To generate the certificate, please use the following command
+# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = {{ item.mail }}
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Yes I want to sell my soul and my guinea pig.
+agree-tos = True
+
+# Use DNS-01 challenge
+authenticator = dns-rfc2136
+dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini
+dns-rfc2136-propagation-seconds = 30
+
+# Wildcard the domain
+cert-name = {{ item.certname }}
+domains = {{ item.domains }}

roles/certbot/templates/letsencrypt/dhparam.j2

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----

roles/certbot/templates/letsencrypt/rfc2136.ini.j2

@@ -0,0 +1,7 @@
+{{ ansible_header | comment(decoration='# ') }}
+
+dns_rfc2136_server = {{ item.dns_rfc2136_server }}
+dns_rfc2136_port = 53
+dns_rfc2136_name = {{ item.dns_rfc2136_name }}
+dns_rfc2136_secret = {{ item.dns_rfc2136_secret }}
+dns_rfc2136_algorithm = HMAC-SHA512