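---
# Bootstrap a self-signed certificate for a host whose real certificate will
# later be issued by Letsencrypt (acme.sh). The inner block only runs when
# nothing is installed yet at the acme.sh certificate path, so an existing
# Letsencrypt certificate is never overwritten by the self-signed one.
- name: self_signed_certificate | Letsencrypt is going to manage the certificates. Check if a certificate already exists
  tags: [pki, ssl, letsencrypt]
  block:
    - name: self_signed_certificate | Check if a certificate already exists. If so, skip all the related tasks
      ansible.builtin.stat:
        path: "{{ letsencrypt_acme_sh_certificates_install_path }}"
      register: true_cert

    - name: self_signed_certificate | Manage self signed certificates, if letsencrypt is going to be installed
      # stat only reports islnk/isdir/... for paths that exist, so the previous
      # `islnk is not defined` test meant "path does not exist"; `exists` says
      # that explicitly and is always present in the stat result.
      when:
        - true_cert is defined
        - true_cert.stat is defined
        - not true_cert.stat.exists
      tags: [pki, ssl, letsencrypt]
      block:
        - name: self_signed_certificate | Create the path to the self signed certificates
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
            owner: root
            group: root
            mode: "0755"
          loop:
            - "{{ letsencrypt_acme_sh_certificates_install_base_path }}"
            - "{{ pki_dir }}/selfsigned"

        - name: self_signed_certificate | Generate the self signed certificate and private key
          # argv form: every element reaches openssl as exactly one argument, so a
          # subject containing spaces or quote characters cannot break the
          # free-form command line the way it could with -subj '{{ ... }}'.
          ansible.builtin.command:
            argv:
              - openssl
              - req
              - -x509
              - -newkey
              - rsa:2048
              - -keyout
              - "{{ self_signed_key }}"
              - -out
              - "{{ self_signed_cert }}"
              - -days
              - "365"
              - -nodes
              - -subj
              - "{{ self_signed_subject }}"
            # Idempotency: skip once the certificate file exists.
            creates: "{{ self_signed_cert }}"

        - name: self_signed_certificate | Restrict the self signed private key to root
          # The mode openssl gives the -keyout file may depend on the OpenSSL
          # version and the process umask; pin it so the key is never group- or
          # world-readable regardless of how it was created.
          ansible.builtin.file:
            path: "{{ self_signed_key }}"
            owner: root
            group: root
            mode: "0600"

        - name: self_signed_certificate | Copy the cert file into fullchain
          # Only the public certificate goes into fullchain; the key stays in
          # self_signed_key.
          ansible.builtin.copy:
            src: "{{ self_signed_cert }}"
            dest: "{{ self_signed_fullchain }}"
            remote_src: true
            owner: root
            group: root
            mode: "0644"

        - name: self_signed_certificate | Create the symbolic link for the certificates into the letsencrypt live directory
          # Points the acme.sh install path at the self-signed directory so
          # consumers find a certificate until Letsencrypt replaces it.
          ansible.builtin.file:
            src: "{{ pki_dir }}/selfsigned"
            dest: "{{ letsencrypt_acme_sh_certificates_install_path }}"
            state: link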