ansibleguy.infra_certs/tasks/debian/letsencrypt/cert.yml


---
# todo: check which domains are registered in the current certificate (certbot certificates) and remove the certificate if it contains more domains than configured, before re-configuring it
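# Ensure the target directories exist before certbot writes into them and
# before the cert/key symlinks below are created; both are root-owned.
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: 'root'
    group: 'root'
    # quoted so the YAML parser hands Ansible the string '0755' instead of the
    # YAML 1.1 octal integer 493 (ansible-lint: risky-octal); unquoted
    # leading-zero modes are known to misbehave inside loops
    mode: '0755'
  loop:
    - "{{ CERT_CONFIG.path }}"
    - "{{ le_path }}"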
# Print the exact certbot invocation the next task will run, so the requested
# domains, e-mail and key size can be reviewed in the play output.
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Command to be executed"
  ansible.builtin.debug:
    msg: >-
      certbot certonly --non-interactive --agree-tos --no-redirect
      --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
      -{{ CERT_CONFIG.letsencrypt.verbosity }}
      --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
      --config-dir {{ CERT_CONFIG.letsencrypt.path }}
      {% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %}
      {% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}
  # Only when no certificate of this name is known yet.
  # NOTE(review): the guard tests 'name' while the rest of this file uses
  # 'le_name' — confirm the caller defines both. A plain substring search
  # also matches longer names that merely contain this one (e.g. 'api'
  # inside 'api-staging'), which would skip the request for the shorter name.
  when: existing_certs_raw.stdout.find(name) == -1
# Request the certificate. ansible.builtin.command does not invoke a shell,
# so the templated string is split into an argument vector by Ansible; the
# domains are filtered through valid_domain before being passed, the two
# e-mail values are inserted unfiltered.
# NOTE(review): --no-redirect is an installer-plugin option and presumably
# has no effect together with certonly — confirm before relying on it.
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Starting certbot"
  ansible.builtin.command: >-
    certbot certonly --non-interactive --agree-tos --no-redirect
    --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
    -{{ CERT_CONFIG.letsencrypt.verbosity }}
    --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
    --config-dir {{ CERT_CONFIG.letsencrypt.path }}
    {% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %}
    {% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}
  # Same guard as the debug task above: skip when a certificate of this name
  # is already present in the collected certbot output.
  when: existing_certs_raw.stdout.find(name) == -1
# Expose the certbot-managed cert, chain and fullchain under the configured
# certificate directory via symlinks named after the certificate.
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert"
  ansible.builtin.file:
    state: link
    src: "{{ item.src }}"
    dest: "{{ item.dst }}"
    # NOTE(review): with follow: true the owner/group/mode below are applied to
    # the link target under le_path rather than to the symlink itself —
    # confirm that changing certbot's own files is intended
    mode: "{{ CERT_CONFIG.mode_cert }}"
    owner: "{{ CERT_CONFIG.owner_cert }}"
    group: "{{ CERT_CONFIG.group_cert }}"
    follow: true
    # force replaces whatever already exists at dest, including a regular file
    force: true
  loop:
    - src: "{{ le_path }}/cert.pem"
      dst: "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_cert }}"
    - src: "{{ le_path }}/chain.pem"
      dst: "{{ CERT_CONFIG.path }}/{{ le_name }}.chain.{{ CERT_CONFIG.extension_cert }}"
    - src: "{{ le_path }}/fullchain.pem"
      dst: "{{ CERT_CONFIG.path }}/{{ le_name }}.fullchain.{{ CERT_CONFIG.extension_cert }}"
# Expose the private key under the configured certificate directory.
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking key"
  ansible.builtin.file:
    state: link
    src: "{{ le_path }}/privkey.pem"
    dest: "{{ CERT_CONFIG.path }}/{{ le_name }}.{{ CERT_CONFIG.extension_key }}"
    # NOTE(review): with follow: true these values are applied to privkey.pem
    # itself, not to the symlink; the private key's effective permissions are
    # therefore whatever mode_key/owner_key/group_key resolve to — verify they
    # are restrictive in the role defaults
    mode: "{{ CERT_CONFIG.mode_key }}"
    owner: "{{ CERT_CONFIG.owner_key }}"
    group: "{{ CERT_CONFIG.group_key }}"
    follow: true
    # force replaces whatever already exists at dest, including a regular file
    force: true