47 lines
1.7 KiB
YAML
47 lines
1.7 KiB
YAML
---
|
|
- name: Letsencrypt is going to manage the certificates. Check if a certificate already exists
|
|
tags: ['pki', 'ssl', 'letsencrypt']
|
|
block:
|
|
- name: Check if a certificate already exists. If so, skip all the related tasks
|
|
ansible.builtin.stat:
|
|
path: "{{ letsencrypt_acme_sh_certificates_install_path }}"
|
|
register: true_cert
|
|
|
|
- name: Manage self signed certificates, if letsencrypt is going to be installed
|
|
when:
|
|
- true_cert is defined
|
|
- true_cert.stat is defined
|
|
- true_cert.stat.islnk is not defined
|
|
tags: ['pki', 'ssl', 'letsencrypt']
|
|
block:
|
|
- name: Create the path to the self signed certificates
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
loop:
|
|
- "{{ letsencrypt_acme_sh_certificates_install_base_path }}"
|
|
- "{{ pki_dir }}/selfsigned"
|
|
|
|
- name: Generate the self signed certificate and private key
|
|
ansible.builtin.command: openssl req -x509 -newkey rsa:2048 -keyout {{ self_signed_key }} -out {{ self_signed_cert }} -days 365 -nodes -subj '{{ self_signed_subject }}'
|
|
args:
|
|
creates: '{{ self_signed_cert }}'
|
|
|
|
- name: Copy the cert file into fullchain
|
|
ansible.builtin.copy:
|
|
src: "{{ self_signed_cert }}"
|
|
dest: "{{ self_signed_fullchain }}"
|
|
remote_src: true
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Create the symbolic link for the certificates into the letsencrypt live directory
|
|
ansible.builtin.file:
|
|
src: "{{ pki_dir }}/selfsigned"
|
|
dest: "{{ letsencrypt_acme_sh_certificates_install_path }}"
|
|
state: link
|