Default CA provider.
parent
2ae5f5f510
commit
63811343bd
|
@ -3,7 +3,8 @@ letsencrypt_acme_install: False
|
||||||
letsencrypt_acme_sh_install: '{{ letsencrypt_acme_install }}'
|
letsencrypt_acme_sh_install: '{{ letsencrypt_acme_install }}'
|
||||||
letsencrypt_acme_sh_git_install: True
|
letsencrypt_acme_sh_git_install: True
|
||||||
letsencrypt_update_acme_distribution: True
|
letsencrypt_update_acme_distribution: True
|
||||||
letsencrypt_acme_sh_git_url: https://github.com/Neilpang/acme.sh.git
|
letsencrypt_acme_sh_git_url: https://github.com/acmesh-official/acme.sh.git
|
||||||
|
letsencrypt_acme_sh_default_ca: 'letsencrypt'
|
||||||
letsencrypt_acme_user: acme
|
letsencrypt_acme_user: acme
|
||||||
letsencrypt_acme_sh_user: '{{ letsencrypt_acme_user }}'
|
letsencrypt_acme_sh_user: '{{ letsencrypt_acme_user }}'
|
||||||
letsencrypt_acme_user_home: /var/lib/acme
|
letsencrypt_acme_user_home: /var/lib/acme
|
||||||
|
|
|
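Review bot: The new `letsencrypt_acme_sh_default_ca` default has no comment saying which values are accepted, even though it decides which CA issues every certificate for the host. A line above it would help, for example `# CA passed to acme.sh --server: a short name (letsencrypt, letsencrypt_test, zerossl, ...) or a full ACME directory URL`. Separately, the checkout behind `letsencrypt_acme_sh_git_url` is later executed as an installer, and `letsencrypt_update_acme_distribution: True` suggests it follows upstream. If the git task (not visible here) does not pin a tag or commit, adding a version variable would limit exposure to an upstream compromise.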
@ -1,12 +1,15 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
RETVAL=
|
||||||
if [ -f "/etc/default/acme_sh_request_env" ] ; then
|
if [ -f "/etc/default/acme_sh_request_env" ] ; then
|
||||||
. "/etc/default/acme_sh_request_env"
|
. "/etc/default/acme_sh_request_env"
|
||||||
else
|
else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd "$ACME_SH_GIT_DIST_DIR"
|
cd "$ACME_SH_GIT_DIST_DIR" || exit 1
|
||||||
./acme.sh $ACME_SH_INSTALL_OPTS
|
./acme.sh "$ACME_SH_INSTALL_OPTS"
|
||||||
|
cd "$ACME_SH_BINDIR" || exit 1
|
||||||
exit $?
|
./acme.sh --home "$ACME_SH_BINDIR" --config-home "$ACME_SH_CONFIG_HOME" --set-default-ca --server "$ACME_SH_DEFAULT_CA"
|
||||||
|
RETVAL=$?
|
||||||
|
exit $RETVAL
|
||||||
|
|
|
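Review bot: Quoting `"$ACME_SH_INSTALL_OPTS"` on the install line hands acme.sh the whole option string as a single argument. The env template builds that variable as a space-separated list (`$ACME_SH_INSTALL_OPTS --home …`), so the installer will most likely reject it. Keep the word splitting deliberately and check the result, with `# shellcheck disable=SC2086` above `./acme.sh $ACME_SH_INSTALL_OPTS || exit 1`. As written, `RETVAL` only reflects the `--set-default-ca` call, so a failed install surfaces only indirectly, if the following `cd "$ACME_SH_BINDIR"` happens to fail.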
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Create the letsencrypt acme user
|
- name: Create the letsencrypt acme user
|
||||||
user: name={{ letsencrypt_acme_sh_user }} home={{ letsencrypt_acme_sh_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
|
user: name={{ letsencrypt_acme_sh_user }} home={{ letsencrypt_acme_sh_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
|
||||||
tags: [ 'letsencrypt', 'letsencrypt_user' ]
|
tags: [ 'letsencrypt', 'letsencrypt_user' ]
|
||||||
|
@ -72,7 +72,8 @@
|
||||||
with_items: '{{ letsencrypt_acme_sh_dirs }}'
|
with_items: '{{ letsencrypt_acme_sh_dirs }}'
|
||||||
|
|
||||||
- name: Run the installation command for acme.sh
|
- name: Run the installation command for acme.sh
|
||||||
shell: /usr/local/bin/acme-sh-install
|
script:
|
||||||
|
cmd: /usr/local/bin/acme-sh-install
|
||||||
args:
|
args:
|
||||||
creates: '{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh'
|
creates: '{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh'
|
||||||
|
|
||||||
|
|
|
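Review bot: The switch from `shell:` to `script:` in the "Run the installation command for acme.sh" task changes where the file is looked up. `script` copies a file from the Ansible controller to the target and runs it, while `/usr/local/bin/acme-sh-install` looks like a path on the managed host, presumably deployed by an earlier task outside this hunk. If so, the task either fails or runs whatever sits at that path on the controller. `command:` avoids the shell just as well and keeps the `creates:` guard: `command: /usr/local/bin/acme-sh-install`. The enclosing block starts before the hunk.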
@ -4,6 +4,7 @@
|
||||||
ACME_SH_HOME={{ letsencrypt_acme_sh_user_home }}
|
ACME_SH_HOME={{ letsencrypt_acme_sh_user_home }}
|
||||||
ACME_SH_BINDIR={{ letsencrypt_acme_sh_user_home }}/bin
|
ACME_SH_BINDIR={{ letsencrypt_acme_sh_user_home }}/bin
|
||||||
ACME_SH_BIN="{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh --config-home {{ letsencrypt_acme_sh_base_data_dir }}/data"
|
ACME_SH_BIN="{{ letsencrypt_acme_sh_user_home }}/bin/acme.sh --config-home {{ letsencrypt_acme_sh_base_data_dir }}/data"
|
||||||
|
ACME_SH_DEFAULT_CA={{ letsencrypt_acme_sh_default_ca }}
|
||||||
ACME_SH_CONFIG_HOME={{ letsencrypt_acme_sh_base_data_dir }}/data
|
ACME_SH_CONFIG_HOME={{ letsencrypt_acme_sh_base_data_dir }}/data
|
||||||
ACME_SH_ENV_FILE=${ACME_SH_BINDIR}/acme.sh.env
|
ACME_SH_ENV_FILE=${ACME_SH_BINDIR}/acme.sh.env
|
||||||
ACME_SH_ISSUE_LOG_FILE={{ letsencrypt_acme_sh_base_data_dir }}/logs/cert_issue.log
|
ACME_SH_ISSUE_LOG_FILE={{ letsencrypt_acme_sh_base_data_dir }}/logs/cert_issue.log
|
||||||
|
@ -28,7 +29,7 @@ ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_h
|
||||||
#
|
#
|
||||||
# Certificate issue options
|
# Certificate issue options
|
||||||
#
|
#
|
||||||
ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue --server {{ letsencrypt_acme_sh_default_ca }} -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
||||||
{% if letsencrypt_acme_sh_ocsp_must_staple %}
|
{% if letsencrypt_acme_sh_ocsp_must_staple %}
|
||||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
|
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
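Review bot: `ACME_SH_DEFAULT_CA={{ letsencrypt_acme_sh_default_ca }}` is rendered unquoted into a file that the install script sources with `.`, so a value containing spaces or shell metacharacters is interpreted by bash rather than stored. Rendering it as `ACME_SH_DEFAULT_CA={{ letsencrypt_acme_sh_default_ca | quote }}` closes that for the assignment. The same variable is also interpolated inside the double-quoted `ACME_SH_ISSUE_CERT_REQUEST_OPTIONS` string in the second hunk, where quoting alone does not help. Validating the value in the role (a short CA name or an https URL) before templating would cover both places. The neighbouring assignments are unquoted as well, so this follows the file's existing style rather than introducing a new pattern.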