pem -> crt
This commit is contained in:
parent
9ffcccc486
commit
b58846c3b4
|
@ -81,12 +81,12 @@ trusted_ca_deb_path: '/usr/local/share/ca-certificates'
|
|||
trusted_ca_letsencrypt_install: False
|
||||
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs
|
||||
trusted_ca_letsencrypt_ca_files:
|
||||
- { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' }
|
||||
- { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' }
|
||||
- { ca: 'lets-encrypt-e1.pem', name: 'lets-encrypt-e1' }
|
||||
- { ca: 'lets-encrypt-e2.pem', name: 'lets-encrypt-e2' }
|
||||
- { ca: 'lets-encrypt-r3.pem', name: 'lets-encrypt-r3-not-cross' }
|
||||
- { ca: 'lets-encrypt-r4.pem', name: 'lets-encrypt-r4-not-cross' }
|
||||
- { ca_src: 'isrgrootx1.pem', ca: 'isrgrootx1.crt', name: 'isrg-root-x1' }
|
||||
- { ca_src: 'isrg-root-x2.pem', ca: 'isrg-root-x2.crt', name: 'isrg-root-x2-not-cross' }
|
||||
- { ca_src: 'lets-encrypt-e1.pem', ca: 'lets-encrypt-e1.crt', name: 'lets-encrypt-e1' }
|
||||
- { ca_src: 'lets-encrypt-e2.pem', ca: 'lets-encrypt-e2.crt', name: 'lets-encrypt-e2' }
|
||||
- { ca_src: 'lets-encrypt-r3.pem', ca: 'lets-encrypt-r3.crt', name: 'lets-encrypt-r3-not-cross' }
|
||||
- { ca_src: 'lets-encrypt-r4.pem', ca: 'lets-encrypt-r4.crt', name: 'lets-encrypt-r4-not-cross' }
|
||||
|
||||
expired_ca_letsencrypt_ca_files:
|
||||
- isrg-root-x2-cross-signed.pem
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
block:
|
||||
- name: Download the letsencrypt CA files on EL
|
||||
get_url:
|
||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
|
||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
|
||||
dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -66,8 +66,8 @@
|
|||
block:
|
||||
- name: Download the letsencrypt CA files on deb
|
||||
get_url:
|
||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
|
||||
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}.crt'
|
||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
|
||||
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0444
|
||||
|
@ -85,13 +85,6 @@
|
|||
loop: '{{ expired_ca_letsencrypt_ca_files }}'
|
||||
register: letsencrypt_ca_files_removal
|
||||
|
||||
- name: Ensure that the expired CA files are not present
|
||||
file:
|
||||
dest: '{{ trusted_ca_deb_path }}/{{ item }}.crt'
|
||||
state: absent
|
||||
loop: '{{ expired_ca_letsencrypt_ca_files }}'
|
||||
register: letsencrypt_ca_files_removal
|
||||
|
||||
- name: Ensure that the expired CA files are not present
|
||||
file:
|
||||
dest: '{{ trusted_ca_deb_path }}/{{ item }}'
|
||||
|
|
Loading…
Reference in New Issue