ISTI-ansible-roles
/
ansible-role-letsencrypt-acme-sh-client
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move the cron job under /etc/cron.d

This commit is contained in:
Andrea Dell'Amico 2022-08-05 13:57:45 +02:00
parent 9742cec3e7
commit c3198ab76f
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
defaults/main.yml
View File

@ -69,15 +69,17 @@ letsencrypt_acme_services_hook_script: /usr/local/bin/acme-services-hook
# Use this when you want a single certificate. Even when multiple provider methods are needed
# The dns_provider and standalone options are mutually exclusive
letsencrypt_acme_sh_domains:
- { domain: '{{ ansible_fqdn }}', standalone: True }
- domain: '{{ ansible_fqdn }}'
standalone: true
letsencrypt_firewalld_http_enabled_on_default_zone: True
letsencrypt_firewalld_services:
- { service: 'http', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
letsencrypt_acme_sh_domains_install:
- { domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}', ecc: '{{ letsencrypt_acme_sh_use_ecc }}', cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert', key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey', fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain' }
- domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}'
ecc: '{{ letsencrypt_acme_sh_use_ecc }}'
cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert'
key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
### Stuff related to the obsolete acmetool package. Needed to cleanup systems where it was installed in the past
letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea'
letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main'

12
tasks/main.yml
View File

@ -53,9 +53,21 @@
- acme-sh-cron-command
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Remove the cron job under spool if it exists
cron:
name: "Letsencrypt certificate renewal"
day: '{{ letsencrypt_acme_cron_day_of_month }}'
hour: '{{ letsencrypt_acme_cron_hour }}'
minute: '{{ letsencrypt_acme_cron_minute }}'
job: "/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1"
state: absent
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
- name: Install a daily cron job to renew the certificates when needed. It runs as root
cron:
name: "Letsencrypt certificate renewal"
cron_file: letsencrypt_renew_certificates
user: root
day: '{{ letsencrypt_acme_cron_day_of_month }}'
hour: '{{ letsencrypt_acme_cron_hour }}'
minute: '{{ letsencrypt_acme_cron_minute }}'