Default CA provider.

2021-07-05 12:38:21 +02:00 · 2021-07-05 12:38:21 +02:00 · 63811343bd
parent 2ae5f5f510
commit 63811343bd
4 changed files with 14 additions and 8 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,7 +3,8 @@ letsencrypt_acme_install: False
 letsencrypt_acme_sh_install: '{{ letsencrypt_acme_install }}'
 letsencrypt_acme_sh_git_install: True
 letsencrypt_update_acme_distribution: True
-letsencrypt_acme_sh_git_url: https://github.com/Neilpang/acme.sh.git
+letsencrypt_acme_sh_git_url: https://github.com/acmesh-official/acme.sh.git
+letsencrypt_acme_sh_default_ca: 'letsencrypt'
 letsencrypt_acme_user: acme
 letsencrypt_acme_sh_user: '{{ letsencrypt_acme_user }}'
 letsencrypt_acme_user_home: /var/lib/acme
--- a/files/acme-sh-install
+++ b/files/acme-sh-install
@ -1,12 +1,15 @@
 #!/bin/bash

+RETVAL=
 if [ -f "/etc/default/acme_sh_request_env" ] ; then
    . "/etc/default/acme_sh_request_env"
 else
    exit 1
 fi

-cd "$ACME_SH_GIT_DIST_DIR"
-./acme.sh $ACME_SH_INSTALL_OPTS
-
-exit $?
+cd "$ACME_SH_GIT_DIST_DIR" || exit 1
+./acme.sh "$ACME_SH_INSTALL_OPTS"
+cd "$ACME_SH_BINDIR" || exit 1
+./acme.sh --home "$ACME_SH_BINDIR" --config-home "$ACME_SH_CONFIG_HOME" --set-default-ca --server "$ACME_SH_DEFAULT_CA"
+RETVAL=$?
+exit $RETVAL
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -17,7 +17,7 @@

  tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]

- block: 
+- block:
  - name: Create the letsencrypt acme user
    user: name={{ letsencrypt_acme_sh_user }} home={{ letsencrypt_acme_sh_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
    tags: [ 'letsencrypt', 'letsencrypt_user' ]
@ -72,7 +72,8 @@
    with_items: '{{ letsencrypt_acme_sh_dirs }}'

  - name: Run the installation command for acme.sh
-    shell: /usr/local/bin/acme-sh-install
+    script:
+      cmd: /usr/local/bin/acme-sh-install
    args:
      creates: '{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh'

--- a/templates/acme_sh_request_env.j2
+++ b/templates/acme_sh_request_env.j2
@ -4,6 +4,7 @@
 ACME_SH_HOME={{ letsencrypt_acme_sh_user_home }}
 ACME_SH_BINDIR={{ letsencrypt_acme_sh_user_home }}/bin
 ACME_SH_BIN="{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh --config-home {{ letsencrypt_acme_sh_base_data_dir }}/data"
+ACME_SH_DEFAULT_CA={{ letsencrypt_acme_sh_default_ca }}
 ACME_SH_CONFIG_HOME={{ letsencrypt_acme_sh_base_data_dir }}/data
 ACME_SH_ENV_FILE=${ACME_SH_BINDIR}/acme.sh.env
 ACME_SH_ISSUE_LOG_FILE={{ letsencrypt_acme_sh_base_data_dir }}/logs/cert_issue.log
@ -28,7 +29,7 @@ ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_h
 #
 # Certificate issue options
 #
-ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
+ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue --server {{ letsencrypt_acme_sh_default_ca }} -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
 {% if letsencrypt_acme_sh_ocsp_must_staple %}
 ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
 {% endif %}