pem -> crt
This commit is contained in:
parent
9ffcccc486
commit
b58846c3b4
GPG Key ID:
147ABE6CEB9E20FF
|
|
@ -81,12 +81,12 @@ trusted_ca_deb_path: '/usr/local/share/ca-certificates'
|
||||||
trusted_ca_letsencrypt_install: False
|
trusted_ca_letsencrypt_install: False
|
||||||
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs
|
trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certs
|
||||||
trusted_ca_letsencrypt_ca_files:
|
trusted_ca_letsencrypt_ca_files:
|
||||||
- { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' }
|
- { ca_src: 'isrgrootx1.pem', ca: 'isrgrootx1.crt', name: 'isrg-root-x1' }
|
||||||
- { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' }
|
- { ca_src: 'isrg-root-x2.pem', ca: 'isrg-root-x2.crt', name: 'isrg-root-x2-not-cross' }
|
||||||
- { ca: 'lets-encrypt-e1.pem', name: 'lets-encrypt-e1' }
|
- { ca_src: 'lets-encrypt-e1.pem', ca: 'lets-encrypt-e1.crt', name: 'lets-encrypt-e1' }
|
||||||
- { ca: 'lets-encrypt-e2.pem', name: 'lets-encrypt-e2' }
|
- { ca_src: 'lets-encrypt-e2.pem', ca: 'lets-encrypt-e2.crt', name: 'lets-encrypt-e2' }
|
||||||
- { ca: 'lets-encrypt-r3.pem', name: 'lets-encrypt-r3-not-cross' }
|
- { ca_src: 'lets-encrypt-r3.pem', ca: 'lets-encrypt-r3.crt', name: 'lets-encrypt-r3-not-cross' }
|
||||||
- { ca: 'lets-encrypt-r4.pem', name: 'lets-encrypt-r4-not-cross' }
|
- { ca_src: 'lets-encrypt-r4.pem', ca: 'lets-encrypt-r4.crt', name: 'lets-encrypt-r4-not-cross' }
|
||||||
|
|
||||||
expired_ca_letsencrypt_ca_files:
|
expired_ca_letsencrypt_ca_files:
|
||||||
- isrg-root-x2-cross-signed.pem
|
- isrg-root-x2-cross-signed.pem
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
block:
|
block:
|
||||||
- name: Download the letsencrypt CA files on EL
|
- name: Download the letsencrypt CA files on EL
|
||||||
get_url:
|
get_url:
|
||||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
|
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
|
||||||
dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
|
dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
@ -66,8 +66,8 @@
|
||||||
block:
|
block:
|
||||||
- name: Download the letsencrypt CA files on deb
|
- name: Download the letsencrypt CA files on deb
|
||||||
get_url:
|
get_url:
|
||||||
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
|
url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca_src }}'
|
||||||
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}.crt'
|
dest: '{{ trusted_ca_deb_path }}/{{ item.ca }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0444
|
mode: 0444
|
||||||
|
|
@ -85,13 +85,6 @@
|
||||||
loop: '{{ expired_ca_letsencrypt_ca_files }}'
|
loop: '{{ expired_ca_letsencrypt_ca_files }}'
|
||||||
register: letsencrypt_ca_files_removal
|
register: letsencrypt_ca_files_removal
|
||||||
|
|
||||||
- name: Ensure that the expired CA files are not present
|
|
||||||
file:
|
|
||||||
dest: '{{ trusted_ca_deb_path }}/{{ item }}.crt'
|
|
||||||
state: absent
|
|
||||||
loop: '{{ expired_ca_letsencrypt_ca_files }}'
|
|
||||||
register: letsencrypt_ca_files_removal
|
|
||||||
|
|
||||||
- name: Ensure that the expired CA files are not present
|
- name: Ensure that the expired CA files are not present
|
||||||
file:
|
file:
|
||||||
dest: '{{ trusted_ca_deb_path }}/{{ item }}'
|
dest: '{{ trusted_ca_deb_path }}/{{ item }}'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue