Move the cron job under /etc/cron.d
This commit is contained in:
parent
9742cec3e7
commit
c3198ab76f
|
@ -69,15 +69,17 @@ letsencrypt_acme_services_hook_script: /usr/local/bin/acme-services-hook
|
|||
# Use this when you want a single certificate. Even when multiple provider methods are needed
|
||||
# The dns_provider and standalone options are mutually exclusive
|
||||
letsencrypt_acme_sh_domains:
|
||||
- { domain: '{{ ansible_fqdn }}', standalone: True }
|
||||
- domain: '{{ ansible_fqdn }}'
|
||||
standalone: true
|
||||
|
||||
letsencrypt_firewalld_http_enabled_on_default_zone: True
|
||||
letsencrypt_firewalld_services:
|
||||
- { service: 'http', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
|
||||
|
||||
letsencrypt_acme_sh_domains_install:
|
||||
- { domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}', ecc: '{{ letsencrypt_acme_sh_use_ecc }}', cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert', key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey', fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain' }
|
||||
- domain: '{{ letsencrypt_acme_sh_certificates_install_dir }}'
|
||||
ecc: '{{ letsencrypt_acme_sh_use_ecc }}'
|
||||
cert_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert'
|
||||
key_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
|
||||
fullchain_file: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
|
||||
|
||||
### Stuff related to the obsolete acmetool package. Needed to cleanup systems where it was installed in the past
|
||||
letsencrypt_acme_ppa_repo: 'ppa:hlandau/rhea'
|
||||
letsencrypt_acme_debian_repo: 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main'
|
||||
|
|
|
@ -53,9 +53,21 @@
|
|||
- acme-sh-cron-command
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Remove the cron job under spool if it exists
|
||||
cron:
|
||||
name: "Letsencrypt certificate renewal"
|
||||
day: '{{ letsencrypt_acme_cron_day_of_month }}'
|
||||
hour: '{{ letsencrypt_acme_cron_hour }}'
|
||||
minute: '{{ letsencrypt_acme_cron_minute }}'
|
||||
job: "/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1"
|
||||
state: absent
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Install a daily cron job to renew the certificates when needed. It runs as root
|
||||
cron:
|
||||
name: "Letsencrypt certificate renewal"
|
||||
cron_file: letsencrypt_renew_certificates
|
||||
user: root
|
||||
day: '{{ letsencrypt_acme_cron_day_of_month }}'
|
||||
hour: '{{ letsencrypt_acme_cron_hour }}'
|
||||
minute: '{{ letsencrypt_acme_cron_minute }}'
|
||||
|
|
Loading…
Reference in New Issue