pem -> crt

Andrea Dell'Amico 2021-09-30 16:42:19 +02:00
parent 9ffcccc486
commit b58846c3b4
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 9 additions and 16 deletions


@ -81,12 +81,12 @@ trusted_ca_deb_path: '/usr/local/share/ca-certificates'
trusted_ca_letsencrypt_install: False
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs
trusted_ca_letsencrypt_ca_files:
- { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' }
- { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' }
- { ca: 'lets-encrypt-e1.pem', name: 'lets-encrypt-e1' }
- { ca: 'lets-encrypt-e2.pem', name: 'lets-encrypt-e2' }
- { ca: 'lets-encrypt-r3.pem', name: 'lets-encrypt-r3-not-cross' }
- { ca: 'lets-encrypt-r4.pem', name: 'lets-encrypt-r4-not-cross' }
- { ca_src: 'isrgrootx1.pem', ca: 'isrgrootx1.crt', name: 'isrg-root-x1' }
- { ca_src: 'isrg-root-x2.pem', ca: 'isrg-root-x2.crt', name: 'isrg-root-x2-not-cross' }
- { ca_src: 'lets-encrypt-e1.pem', ca: 'lets-encrypt-e1.crt', name: 'lets-encrypt-e1' }
- { ca_src: 'lets-encrypt-e2.pem', ca: 'lets-encrypt-e2.crt', name: 'lets-encrypt-e2' }
- { ca_src: 'lets-encrypt-r3.pem', ca: 'lets-encrypt-r3.crt', name: 'lets-encrypt-r3-not-cross' }
- { ca_src: 'lets-encrypt-r4.pem', ca: 'lets-encrypt-r4.crt', name: 'lets-encrypt-r4-not-cross' }
expired_ca_letsencrypt_ca_files:
- isrg-root-x2-cross-signed.pem
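Review bot: Changing `ca` from `*.pem` to `*.crt` changes the destination file names, but nothing on this page removes the copies already written under the old names, so they stay in the trust-anchor directories unmanaged. On deb the old destination was `{{ item.ca }}.crt`, which gives `isrgrootx1.pem.crt` and so on. The removal task that appended `.crt` to each `expired_ca_letsencrypt_ca_files` entry is deleted in the tasks file of this commit, and the remaining one targets `isrg-root-x2-cross-signed.pem`, which does not match a file installed as `isrg-root-x2-cross-signed.pem.crt`. If this role ever installed that cross-signed certificate (not visible here), it would stay trusted; adding `- isrg-root-x2-cross-signed.pem.crt` and the six old `*.pem.crt` names to this list would clean up deb hosts. The EL anchors were previously written as `*.pem`, so the same cleanup is presumably needed there, depending on an EL removal task that is not shown.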


@ -17,7 +17,7 @@
block:
- name: Download the letsencrypt CA files on EL
get_url:
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
owner: root
group: root
@ -66,8 +66,8 @@
block:
- name: Download the letsencrypt CA files on deb
get_url:
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}.crt'
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}'
owner: root
group: root
mode: 0444
@ -85,13 +85,6 @@
loop: '{{ expired_ca_letsencrypt_ca_files }}'
register: letsencrypt_ca_files_removal
- name: Ensure that the expired CA files are not present
file:
dest: '{{ trusted_ca_deb_path }}/{{ item }}.crt'
state: absent
loop: '{{ expired_ca_letsencrypt_ca_files }}'
register: letsencrypt_ca_files_removal
- name: Ensure that the expired CA files are not present
file:
dest: '{{ trusted_ca_deb_path }}/{{ item }}'
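Review bot: Both `get_url` tasks (EL and deb) write the downloaded file straight into a system trust-anchor directory with no integrity check, so whatever `trusted_ca_letsencrypt_ca_certificates_url` serves for `item.ca_src` becomes a trusted root or intermediate. Since the list entries are being reshaped anyway, a pinned digest per entry would close this: add a key such as `sha256: '<digest of the published file>'` to each item and `checksum: 'sha256:{{ item.sha256 }}'` to both tasks. Note also that `get_url` does not overwrite an existing `dest` unless `force` or a differing `checksum` is given, so a stale or tampered file at the new `.crt` path would otherwise be left in place. The tasks start and end outside the hunks, so any existing `checksum`, `validate_certs` or handler lines are not visible here.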