changed default certificate-type to 'minimal-ca', updated molecule

README.md

@@ -69,8 +69,8 @@ zoneminder:
     aliases: ['zm.template.ansibleguy.net']
 
     ssl:
-      mode: 'letsencrypt'  # or selfsigned
+      mode: 'letsencrypt'  # or selfsigned/ca
-      #  if you use 'selfsigned':
+      #  if you use 'selfsigned' or 'ca':
       #    cert:
       #      cn: 'ZoneMinder Server'
       #      org: 'AnsibleGuy'

defaults/main.yml

@@ -49,7 +49,7 @@ default_zm:
     app_include: true  # DO NOT CHANGE!
 
     ssl:  # see: https://github.com/ansibleguy/infra_certs
-      mode: 'selfsigned'  # existing/selfsigned/ca/letsencrypt
+      mode: 'ca'  # existing/selfsigned/ca/letsencrypt
       cert:
         name:
         cn: 'NextCloud Certificate'

molecule/default/converge.yml

@@ -2,7 +2,6 @@
 
 - name: Converge
   hosts: grp_targets
-  strategy: free  # speed-up; comment-out to gain clarity
   vars:
     no_prompts: true  # mariadb prompts
 
@@ -16,9 +15,10 @@
 
       apache:
         domain: 'zoneminder.test.ansibleguy.net'
+        ip: '192.168.0.2'
 
         ssl:
-          mode: 'selfsigned'
+          mode: 'ca'
           cert:
             cn: 'ZoneMinder'
             org: 'AnsibleGuy Test'

molecule/default/molecule.yml

@@ -34,14 +34,11 @@ platforms:
   - name: test-ag-zm-1
     networks:
       - name: 'test-ag-zm'
-        ipv4_address: '192.168.0.20'
+        ipv4_address: '192.168.0.2'
     groups: [grp_targets]
     <<: *docker_all
 
 provisioner:
   name: ansible
-  #  config_options:
-  #    defaults:
-  #      vault_password_file: '~/.vault_pwd_file'
 verifier:
   name: ansible

molecule/default/verify.yml

@@ -6,5 +6,8 @@
   tasks:
   - name: Checking if zoneminder web-service is reachable
     ansible.builtin.uri:
-      url: 'https://192.168.0.20'
+      url: 'https://192.168.0.2'
+      return_content: yes
       validate_certs: false
+    register: page
+    failed_when: "'Zoneminder' not in page.content"