hetzner.hcloud.certificate module – Create and manage certificates on the Hetzner Cloud.

Note

This module is part of the hetzner.hcloud collection (version 2.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install hetzner.hcloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: hetzner.hcloud.certificate.

Synopsis

  • Create, update and manage certificates on the Hetzner Cloud.

Aliases: hcloud_certificate

Requirements

The below requirements are needed on the host that executes this module.

  • python-dateutil >= 2.7.5

  • requests >=2.20

Parameters

Parameter

Comments

api_endpoint

aliases: endpoint

string

The API Endpoint for the Hetzner Cloud.

You can also set this option by using the HCLOUD_ENDPOINT environment variable.

Default: "https://api.hetzner.cloud/v1"

api_token

string / required

The API Token for the Hetzner Cloud.

You can also set this option by using the HCLOUD_TOKEN environment variable.

certificate

string

Certificate and chain in PEM format, in order so that each record directly certifies the one preceding.

Required if certificate does not exist and type=uploaded.

domain_names

list / elements=string

Domains and subdomains that should be contained in the Certificate issued by Let’s Encrypt.

Required if type=managed.

Default: []

id

integer

The ID of the Hetzner Cloud certificate to manage.

Only required if no certificate name is given

labels

dictionary

User-defined labels (key-value pairs)

name

string

The Name of the Hetzner Cloud certificate to manage.

Only required if no certificate id is given or a certificate does not exist.

private_key

string

Certificate key in PEM format.

Required if certificate does not exist and type=uploaded.

state

string

State of the certificate.

Choices:

  • "absent"

  • "present" ← (default)

type

string

Choose between uploading a Certificate in PEM format or requesting a managed Let’s Encrypt Certificate.

Choices:

  • "uploaded" ← (default)

  • "managed"

See Also

See also

Documentation for Hetzner Cloud API

Complete reference for the Hetzner Cloud API.

Examples

- name: Create a basic certificate
  hetzner.hcloud.certificate:
    name: my-certificate
    certificate: -----BEGIN CERTIFICATE-----...
    private_key: -----BEGIN PRIVATE KEY-----...
    state: present

- name: Create a certificate with labels
  hetzner.hcloud.certificate:
    name: my-certificate
    certificate: -----BEGIN CERTIFICATE-----...
    private_key: -----BEGIN PRIVATE KEY-----...
    labels:
      key: value
      mylabel: 123
    state: present

- name: Create a managed certificate
  hetzner.hcloud.certificate:
    name: my-certificate
    type: managed
    domain_names:
      - example.com
      - www.example.com
    state: present

- name: Ensure the certificate is absent (remove if needed)
  hetzner.hcloud.certificate:
    name: my-certificate
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

hcloud_certificate

complex

The certificate instance

Returned: Always

certificate

string

Certificate and chain in PEM format

Returned: always

Sample: "-----BEGIN CERTIFICATE-----..."

domain_names

dictionary

List of Domains and Subdomains covered by the Certificate

Returned: always

fingerprint

string

Fingerprint of the certificate

Returned: always

Sample: "03:c7:55:9b:2a:d1:04:17:09:f6:d0:7f:18:34:63:d4:3e:5f"

id

integer

Numeric identifier of the certificate

Returned: always

Sample: 1937415

labels

dictionary

User-defined labels (key-value pairs)

Returned: always

name

string

Name of the certificate

Returned: always

Sample: "my website cert"

not_valid_after

string

Point in time when the Certificate stops being valid (in ISO-8601 format)

Returned: always

not_valid_before

string

Point in time when the Certificate becomes valid (in ISO-8601 format)

Returned: always

Authors

  • Lukas Kaemmerling (@lkaemmerling)