public_git
/
ansibleguy.infra_certs
mirror of https://github.com/ansibleguy/infra_certs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansibleguy.infra_certs/tasks/debian/letsencrypt/cert.yml

91 lines
3.9 KiB
YAML
Raw Blame History

---
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Showing debug info"
ansible.builtin.debug:
var: le_cert
when:
- debug is defined
- debug
# ToDo: path validation
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Checking config"
ansible.builtin.assert:
that:
- CERT_CONFIG.letsencrypt.service in CERT_HC.letsencrypt.options.service
- CERT_CONFIG.letsencrypt.verbosity in CERT_HC.letsencrypt.options.verbosity
- le_cert.key_size in CERT_HC.options.key_size.cert
- le_cert.domains | length > 0
- le_cert.email | validate_email or CERT_CONFIG.cert.email | validate_email
ignore_errors: true
register: le_cnf_check
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Invalid config"
ansible.builtin.fail:
msg: "LetsEncrypt-CONFIG: {{ CERT_CONFIG.letsencrypt }} | {{ le_cert }}"
when:
- le_cnf_check.failed is defined
- le_cnf_check.failed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: 'root'
group: 'root'
mode: 0755
loop:
- "{{ CERT_CONFIG.path }}"
- "{{ le_path }}"
changed_when: false
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
ansible.builtin.debug:
msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
-{{ CERT_CONFIG.letsencrypt.verbosity }}
--rsa-key-size {{ le_cert.key_size }}
--config-dir {{ CERT_CONFIG.letsencrypt.path }}
{% for domain in le_cert.domains %}{% if domain | valid_hostname %}--domain {{ domain }} {% endif %}{% endfor %}
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
when: le_changed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
-{{ CERT_CONFIG.letsencrypt.verbosity }}
--rsa-key-size {{ le_cert.key_size }}
--config-dir {{ CERT_CONFIG.letsencrypt.path }}
{% for domain in le_cert.domains %}{% if domain | valid_hostname %}--domain {{ domain }} {% endif %}{% endfor %}
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
when: le_changed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Adding dummy certs"
ansible.builtin.include_tasks: test.yml
when: testing
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert"
ansible.builtin.file:
state: link
src: "{{ item.src }}"
dest: "{{ item.dst }}"
mode: "{{ CERT_CONFIG.mode_cert }}"
owner: "{{ CERT_CONFIG.owner_cert }}"
group: "{{ CERT_CONFIG.group_cert }}"
follow: true
force: true
loop:
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/cert.pem"}
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.chain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/chain.pem"}
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.fullchain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/fullchain.pem"}
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking key"
ansible.builtin.file:
state: link
src: "{{ le_path }}/privkey.pem"
dest: "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_key }}"
mode: "{{ CERT_CONFIG.mode_key }}"
owner: "{{ CERT_CONFIG.owner_key }}"
group: "{{ CERT_CONFIG.group_key }}"
follow: true
force: true
Reference in New Issue View Git Blame Copy Permalink