From 5a89b571cd6a7975fceee602e737aedbea0cdda4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 29 Sep 2021 18:54:30 +0200 Subject: [PATCH] Download the letsencrypt CA files. --- defaults/main.yml | 1 + tasks/trusted_ca.yml | 22 ++++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 5e909d1..d0b6880 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -78,6 +78,7 @@ no_proxy_targets: trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors' # it shoudn't be needed trusted_ca_letsencrypt_install: False +trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certificates/ trusted_ca_letsencrypt_ca_files: - { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' } - { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' } diff --git a/tasks/trusted_ca.yml b/tasks/trusted_ca.yml index c2ccf5f..7b1eec9 100644 --- a/tasks/trusted_ca.yml +++ b/tasks/trusted_ca.yml @@ -15,9 +15,14 @@ - name: Manage the Letsencrypt CA files on EL block: - - name: Copy the letsencrypt CA files on EL - copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/pki/ca-trust/source/anchors/{{ item.ca }} owner=root group=root mode='0444' - with_items: '{{ trusted_ca_letsencrypt_ca_files }}' + - name: Download the letsencrypt CA files on EL + get_url: + url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}' + dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}' + owner: root + group: root + mode: 0444 + loop: '{{ trusted_ca_letsencrypt_ca_files }}' register: letsencrypt_ca_files_installation - name: Rebuild the trust CA files on EL 
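Review bot: The new default `trusted_ca_letsencrypt_ca_certificates_url` ends in a slash, and both tasks join it as `'{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'`, so every request path contains `//`. Either drop the trailing slash here, `trusted_ca_letsencrypt_ca_certificates_url: 'https://letsencrypt.org/certificates'`, or drop the `/` in the task URLs. Please also confirm that this path serves the raw PEM files rather than the HTML certificates page (I believe the files are published under `/certs/`, but verify); a 200 response carrying HTML would be written into the trust-anchor directory. A one-line comment above the variable saying it must be the directory URL that holds the files named in `trusted_ca_letsencrypt_ca_files` would help anyone overriding it.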
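Review bot: The `get_url` task in the EL block writes whatever the URL returns into `/etc/pki/ca-trust/source/anchors/` with no integrity check, whereas the removed `copy` task installed files pinned in the role. These files become system trust anchors, so pin each one: add a digest key to every entry of `trusted_ca_letsencrypt_ca_files` and pass `checksum: 'sha256:{{ item.sha256 }}'` to `get_url`, so a changed or substituted response fails the task instead of being trusted. As written, the download is authenticated only by the TLS trust store already on the host, which may be the very store this role is meant to complete. The same applies to the `Download the letsencrypt CA files on deb` task in the second hunk of this file; both blocks continue outside their hunks.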
@@ -59,9 +64,14 @@ - name: Manage the Letsencrypt CA files on deb block: - - name: Copy the letsencrypt CA files on deb - copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/ssl/certs/{{ item.ca }} owner=root group=root mode='0444' - with_items: '{{ trusted_ca_letsencrypt_ca_files }}' + - name: Download the letsencrypt CA files on deb + get_url: + url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}' + dest: '/etc/ssl/certs/{{ item.ca }}' + owner: root + group: root + mode: 0444 + loop: '{{ trusted_ca_letsencrypt_ca_files }}' register: letsencrypt_ca_files_installation - name: Trust the CA files on deb
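Review bot: `mode: 0444` is an unquoted scalar that gives the intended permissions only if the YAML parser reads a leading zero as octal; the removed `copy` line passed `mode='0444'`. Write `mode: '0444'` here and in the EL task of the first hunk so the value reaches the module as a string. Separately, `get_url` without `force` or a `checksum` skips the download when `dest` already exists, so a host that already has a file will keep it even if the published certificate is replaced. If refresh on change is wanted, state that in a comment and set `force: true` or rely on a pinned checksum.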