72 lines
3.1 KiB
YAML
72 lines
3.1 KiB
YAML
---
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Showing debug info"
|
|
ansible.builtin.debug:
|
|
var: le_cert
|
|
when:
|
|
- debug is defined
|
|
- debug
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 0755
|
|
loop:
|
|
- "{{ CERT_CONFIG.path }}"
|
|
- "{{ le_path }}"
|
|
changed_when: false
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
|
|
ansible.builtin.debug:
|
|
msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
|
|
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
|
|
-{{ CERT_CONFIG.letsencrypt.verbosity }}
|
|
--rsa-key-size {{ le_cert.key_size }}
|
|
--config-dir {{ CERT_CONFIG.letsencrypt.path }}
|
|
{% for domain in le_cert.domains %}{% if domain | valid_hostname %}--domain {{ domain }} {% endif %}{% endfor %}
|
|
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
|
|
when: le_changed
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
|
|
ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
|
|
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
|
|
-{{ CERT_CONFIG.letsencrypt.verbosity }}
|
|
--rsa-key-size {{ le_cert.key_size }}
|
|
--config-dir {{ CERT_CONFIG.letsencrypt.path }}
|
|
{% for domain in le_cert.domains %}{% if domain | valid_hostname %}--domain {{ domain }} {% endif %}{% endfor %}
|
|
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
|
|
when: le_changed
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Adding dummy certs"
|
|
ansible.builtin.include_tasks: test.yml
|
|
when: testing
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert"
|
|
ansible.builtin.file:
|
|
state: link
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dst }}"
|
|
mode: "{{ CERT_CONFIG.mode_cert }}"
|
|
owner: "{{ CERT_CONFIG.owner_cert }}"
|
|
group: "{{ CERT_CONFIG.group_cert }}"
|
|
follow: true
|
|
force: true
|
|
loop:
|
|
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/cert.pem"}
|
|
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.chain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/chain.pem"}
|
|
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.fullchain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/fullchain.pem"}
|
|
|
|
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking key"
|
|
ansible.builtin.file:
|
|
state: link
|
|
src: "{{ le_path }}/privkey.pem"
|
|
dest: "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_key }}"
|
|
mode: "{{ CERT_CONFIG.mode_key }}"
|
|
owner: "{{ CERT_CONFIG.owner_key }}"
|
|
group: "{{ CERT_CONFIG.group_key }}"
|
|
follow: true
|
|
force: true
|