From b58846c3b447337c8cac583beb81da3b49bef4b8 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 30 Sep 2021 16:42:19 +0200 Subject: [PATCH] pem -> crt --- defaults/main.yml | 12 ++++++------ tasks/trusted_ca.yml | 13 +++---------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index bdb606b..9bb3452 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -81,12 +81,12 @@ trusted_ca_deb_path: '/usr/local/share/ca-certificates' trusted_ca_letsencrypt_install: False trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs trusted_ca_letsencrypt_ca_files: - - { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' } - - { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' } - - { ca: 'lets-encrypt-e1.pem', name: 'lets-encrypt-e1' } - - { ca: 'lets-encrypt-e2.pem', name: 'lets-encrypt-e2' } - - { ca: 'lets-encrypt-r3.pem', name: 'lets-encrypt-r3-not-cross' } - - { ca: 'lets-encrypt-r4.pem', name: 'lets-encrypt-r4-not-cross' } + - { ca_src: 'isrgrootx1.pem', ca: 'isrgrootx1.crt', name: 'isrg-root-x1' } + - { ca_src: 'isrg-root-x2.pem', ca: 'isrg-root-x2.crt', name: 'isrg-root-x2-not-cross' } + - { ca_src: 'lets-encrypt-e1.pem', ca: 'lets-encrypt-e1.crt', name: 'lets-encrypt-e1' } + - { ca_src: 'lets-encrypt-e2.pem', ca: 'lets-encrypt-e2.crt', name: 'lets-encrypt-e2' } + - { ca_src: 'lets-encrypt-r3.pem', ca: 'lets-encrypt-r3.crt', name: 'lets-encrypt-r3-not-cross' } + - { ca_src: 'lets-encrypt-r4.pem', ca: 'lets-encrypt-r4.crt', name: 'lets-encrypt-r4-not-cross' } expired_ca_letsencrypt_ca_files: - isrg-root-x2-cross-signed.pem diff --git a/tasks/trusted_ca.yml b/tasks/trusted_ca.yml index 3697b4c..2508108 100644 --- a/tasks/trusted_ca.yml +++ b/tasks/trusted_ca.yml 
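Review bot: Nothing in the reshaped `trusted_ca_letsencrypt_ca_files` entries in defaults/main.yml pins the content of the files that end up in the system trust store. Each entry carries `ca_src`, `ca` and `name` but no digest, and the visible `get_url` lines in tasks/trusted_ca.yml pass no `checksum`. As far as these hunks show, whatever is served under `trusted_ca_letsencrypt_ca_certificates_url` therefore becomes a trust anchor on the strength of the HTTPS connection alone. I would add a per-file field such as `checksum: 'sha256:<digest-of-isrgrootx1.pem>'` (placeholder, not a real value) and pass it to the download tasks as `checksum: '{{ item.checksum }}'`, so a changed or substituted file fails the play instead of being installed. The digests need to come from a copy verified out of band, and the tasks continue outside the hunks, so confirm they do not already verify the files another way.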
@@ -17,7 +17,7 @@ block: - name: Download the letsencrypt CA files on EL get_url: - url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}' + url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}' dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}' owner: root group: root @@ -66,8 +66,8 @@ block: - name: Download the letsencrypt CA files on deb get_url: - url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}' - dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}.crt' + url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}' + dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}' owner: root group: root mode: 0444 @@ -85,13 +85,6 @@ loop: '{{ expired_ca_letsencrypt_ca_files }}' register: letsencrypt_ca_files_removal - - name: Ensure that the expired CA files are not present - file: - dest: '{{ trusted_ca_deb_path }}/{{ item }}.crt' - state: absent - loop: '{{ expired_ca_letsencrypt_ca_files }}' - register: letsencrypt_ca_files_removal - - name: Ensure that the expired CA files are not present file: dest: '{{ trusted_ca_deb_path }}/{{ item }}'
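Review bot: Renaming the installed files leaves the previously installed copies in the trust directories, where they stay trusted because nothing visible removes them. On EL that is the old `anchors/{{ item.ca_src }}` (for instance `isrgrootx1.pem`), and in the deb hunk the old `{{ trusted_ca_deb_path }}/{{ item.ca_src }}.crt` (for instance `isrgrootx1.pem.crt`). The last hunk makes this worse for retired certificates: it drops the task that deleted `{{ item }}.crt`, the name the old deb task would have given `isrg-root-x2-cross-signed.pem`, while the remaining task only deletes `{{ item }}`. The dest of the task just before it is outside the hunk, so that one may still cover the `.crt` name. I would add cleanup of the old names next to each download task and keep the `.crt` variant of the expired-file removal, wired to whatever trust-store refresh the role runs after removals (not visible here). All of these tasks start or end outside the hunks.

```yaml
# … unchanged: Download the letsencrypt CA files on EL …
- name: Remove the letsencrypt CA files installed under the old names on EL
  file:
    dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca_src }}'
    state: absent
  loop: '{{ trusted_ca_letsencrypt_ca_files }}'

# … unchanged: Download the letsencrypt CA files on deb …
- name: Remove the letsencrypt CA files installed under the old names on deb
  file:
    dest: '{{ trusted_ca_deb_path }}/{{ item.ca_src }}.crt'
    state: absent
  loop: '{{ trusted_ca_letsencrypt_ca_files }}'
```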