first attempt at certbot role

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

roles/certbot/README

@@ -0,0 +1,22 @@
+First go at a certbot/letsencrypt role for Fedora Infra
+
+To use it:
+
+1) Include the role in your playbook. This will install certbot and put a
+   tiny bit of Apache config in place, along with a monthly cron to attempt to
+   renew certificates.
+2) Add the following lines to your Apache virthost:
+
+  RewriteEngine on
+  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
+
+2) ssh to the relevant box
+
+  # TODO: Fix selinux stuff - the cron won't work until it's fixed either.
+  service httpd graceful
+  setenforce 0
+  certbot certonly --manual-public-ip-logging-ok --webroot -w \
+    /srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org
+  setenforce 1
+
+

roles/certbot/files/acme-challenge.conf

@@ -0,0 +1,3 @@
+<Directory "/srv/web/acme-challenge/">
+  Require all granted
+</Directory>

roles/certbot/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: Install the needed packages
+  yum: pkg={{item}} state=present
+  with_items:
+  - certbot
+
+- name: Create directory for ACME challenge
+  file: dest=/srv/web/acme-challenge state=directory
+
+- name: Allow httpd to see ACME challenge directory
+  copy: src=acme-challenge.conf dest=/etc/httpd/conf.d/acme-challenge.conf
+
+- name: Certbot renewal cron
+  cron: special_time=monthly job="certbot renew"