Merge branch 'master' of adellam/ansible-roles into master
commit
e89702f3d0
|
@ -9,6 +9,8 @@ letsencrypt_acme_user_home: /var/lib/acme
|
||||||
letsencrypt_acme_git_dest_dir: '{{ letsencrypt_acme_user_home }}/acme_sh_dist'
|
letsencrypt_acme_git_dest_dir: '{{ letsencrypt_acme_user_home }}/acme_sh_dist'
|
||||||
letsencrypt_acme_sh_user_home: '{{ letsencrypt_acme_user_home }}'
|
letsencrypt_acme_sh_user_home: '{{ letsencrypt_acme_user_home }}'
|
||||||
letsencrypt_acme_sh_base_data_dir: '{{ letsencrypt_acme_sh_user_home }}/acme_data'
|
letsencrypt_acme_sh_base_data_dir: '{{ letsencrypt_acme_sh_user_home }}/acme_data'
|
||||||
|
letsencrypt_acme_sh_certs_data_prefix: '{{ ansible_fqdn }}'
|
||||||
|
letsencrypt_acme_sh_certs_data_path: '{{ letsencrypt_acme_sh_base_data_dir }}/certs/{{ letsencrypt_acme_sh_certs_data_prefix }}'
|
||||||
letsencrypt_acme_sh_certificates_install_dir: '{{ ansible_fqdn }}'
|
letsencrypt_acme_sh_certificates_install_dir: '{{ ansible_fqdn }}'
|
||||||
letsencrypt_acme_sh_certificates_install_base_path: '{{ letsencrypt_acme_sh_user_home }}/live'
|
letsencrypt_acme_sh_certificates_install_base_path: '{{ letsencrypt_acme_sh_user_home }}/live'
|
||||||
letsencrypt_acme_sh_certificates_install_path: '{{ letsencrypt_acme_sh_certificates_install_base_path }}/{{ letsencrypt_acme_sh_certificates_install_dir }}'
|
letsencrypt_acme_sh_certificates_install_path: '{{ letsencrypt_acme_sh_certificates_install_base_path }}/{{ letsencrypt_acme_sh_certificates_install_dir }}'
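Review bot: The new default `letsencrypt_acme_sh_certs_data_prefix: '{{ ansible_fqdn }}'` carries an undocumented assumption that the certificate's primary name is the host's FQDN. As far as I know, acme.sh names its per-certificate directory and `.conf` file after the first domain of the request, and adds a suffix for ECC keys. A host whose first requested name differs would therefore get a `letsencrypt_acme_sh_certs_data_path` that points at nothing. I would add a comment above the two new variables, for example `# Must match the first domain passed to acme.sh; override when it is not the host FQDN`.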
|
||||||
|
|
|
@ -13,7 +13,12 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chown -R acme:acme "$ACME_SH_HOME"
|
chown -R acme:acme "$ACME_SH_HOME"
|
||||||
sudo -u acme -s /bin/bash /usr/local/bin/acme-sh-cron-command
|
if [ "$ACME_SH_HTTP_BIND_PORT" -eq 80 ] && [ "$ACME_SH_USE_DNS_PROVIDER" == "False" ] ; then
|
||||||
|
/usr/local/bin/acme-sh-cron-command
|
||||||
|
chown -R acme:acme "$ACME_SH_HOME"
|
||||||
|
else
|
||||||
|
sudo -u acme -s /bin/bash /usr/local/bin/acme-sh-cron-command
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$ACME_SH_INSTALL_CERTS" == "True" ] ; then
|
if [ "$ACME_SH_INSTALL_CERTS" == "True" ] ; then
|
||||||
$ACME_SH_BIN $ACME_SH_INSTALL_CERT_REQUEST > "$ACME_SH_INSTALL_LOG_FILE" 2>&1
|
$ACME_SH_BIN $ACME_SH_INSTALL_CERT_REQUEST > "$ACME_SH_INSTALL_LOG_FILE" 2>&1
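Review bot: The new port-80 branch calls `/usr/local/bin/acme-sh-cron-command` without `sudo -u acme`. The surrounding `chown -R` and `sudo` calls suggest this wrapper runs as root, so the renewal and anything it sources or invokes would run as root over a tree the acme user owns and can edit. The `chown -R acme:acme "$ACME_SH_HOME"` afterwards repairs ownership but does not remove that path from the acme account to root. Consider keeping the unprivileged user and granting only the low-port bind, for instance through a file capability on the listener or by having the front web server proxy the challenge to an unprivileged port. Separately, `[ "$ACME_SH_HTTP_BIND_PORT" -eq 80 ]` raises an error when the variable is empty, so `[ "${ACME_SH_HTTP_BIND_PORT:-0}" -eq 80 ]` is safer. The `==` inside `[ ]` also relies on bash; the interpreter line is outside this hunk.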
|
||||||
|
|
|
@ -17,7 +17,7 @@ else
|
||||||
fi
|
fi
|
||||||
RETVAL=
|
RETVAL=
|
||||||
|
|
||||||
if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
|
if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] && [ "$ACME_SH_USE_DNS_PROVIDER" == "False" ] ; then
|
||||||
# First request. Try to shut down all the services running on port 80
|
# First request. Try to shut down all the services running on port 80
|
||||||
if [ -x /bin/systemctl ] ; then
|
if [ -x /bin/systemctl ] ; then
|
||||||
/bin/systemctl stop nginx >/dev/null 2>&1
|
/bin/systemctl stop nginx >/dev/null 2>&1
|
||||||
|
@ -30,6 +30,15 @@ if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
|
||||||
fi
|
fi
|
||||||
$ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
$ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
|
if [ -x /bin/systemctl ] ; then
|
||||||
|
/bin/systemctl start nginx >/dev/null 2>&1
|
||||||
|
/bin/systemctl start apache2 >/dev/null 2>&1
|
||||||
|
/bin/systemctl start httpd >/dev/null 2>&1
|
||||||
|
else
|
||||||
|
service nginx start
|
||||||
|
service apache2 start
|
||||||
|
service httpd start
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
||||||
RETVAL=$?
|
RETVAL=$?
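Review bot: The restart block added after the first request starts `nginx`, `apache2` and `httpd` unconditionally, so a web server that is installed but deliberately stopped or disabled gets brought up and begins listening. Restart only what is meant to run, for example `/bin/systemctl is-enabled --quiet nginx && /bin/systemctl start nginx >/dev/null 2>&1`, or record which units were active before the stop block, which lies partly outside this hunk. The `service … start` fallback lines also write to the terminal while the systemctl lines are silenced; append `>/dev/null 2>&1` for consistency. In the first hunk of this file, a host with the DNS provider enabled and no `ok_certificate_issued` marker now falls through to `$ACME_SH_ISSUE_CERT_REQUEST`. A one-line comment saying that this is intended would help.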
|
||||||
|
|
|
@ -114,10 +114,20 @@
|
||||||
- name: Install the certificates
|
- name: Install the certificates
|
||||||
shell: /usr/local/bin/acme-sh-install-certs
|
shell: /usr/local/bin/acme-sh-install-certs
|
||||||
when:
|
when:
|
||||||
- letsencrypt_acme_sh_explicitly_install_certs
|
- letsencrypt_acme_sh_explicitly_install_certs | bool
|
||||||
- acme_sh_certificate_issued is defined
|
- acme_sh_certificate_issued is defined
|
||||||
- acme_sh_certificate_issued is changed
|
- acme_sh_certificate_issued is changed
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
|
|
||||||
|
- name: Fix the http port in the configuration. Needed when we renew using the http protocol and we are behind a web server
|
||||||
|
lineinfile:
|
||||||
|
path: '{{ letsencrypt_acme_sh_certs_data_path }}/{{ letsencrypt_acme_sh_certs_data_prefix }}.conf'
|
||||||
|
create: no
|
||||||
|
state: present
|
||||||
|
regexp: "^Le_HTTPPort="
|
||||||
|
line: "Le_HTTPPort='{{ letsencrypt_acme_standalone_port }}'"
|
||||||
|
when: not letsencrypt_acme_sh_use_dns_provider | bool
|
||||||
|
tags: [ 'letsencrypt', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_http_port' ]
|
||||||
|
|
||||||
when: letsencrypt_acme_sh_install | bool
|
when: letsencrypt_acme_sh_install | bool
|
||||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
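Review bot: The new `lineinfile` task sets `create: no` and has no check that the target `.conf` exists, so it fails the play whenever the certificate has not been issued yet or its directory is not named after `letsencrypt_acme_sh_certs_data_prefix`. The preceding install task tolerates that situation with `ignore_errors: True` and the `acme_sh_certificate_issued` conditions. I would register a `stat` on the same path first and add `- conf_stat.stat.exists` to this task's `when:` (`conf_stat` being whatever name the registered variable gets). As a style point, write the boolean as `create: false`. The file already spells booleans as `True` elsewhere, so this may be worth a file-wide cleanup rather than a single-line change.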
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{% if letsencrypt_acme_sh_log_enabled %}
|
{% if letsencrypt_acme_sh_log_enabled %}
|
||||||
LOG_FILE="{{ letsencrypt_acme_sh_base_data_dir }}/logs"
|
LOG_FILE="{{ letsencrypt_acme_sh_base_data_dir }}/logs/cert_request.log"
|
||||||
LOG_LEVEL=1
|
LOG_LEVEL=1
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,8 @@ ACME_SH_CRON_LOG_FILE={{ letsencrypt_acme_sh_base_data_dir }}/logs/cron.log
|
||||||
ACME_SH_INSTALL_LOG_FILE={{ letsencrypt_acme_sh_log_dir }}/cert_install.log
|
ACME_SH_INSTALL_LOG_FILE={{ letsencrypt_acme_sh_log_dir }}/cert_install.log
|
||||||
ACME_SH_GIT_DIST_DIR={{ letsencrypt_acme_git_dest_dir }}
|
ACME_SH_GIT_DIST_DIR={{ letsencrypt_acme_git_dest_dir }}
|
||||||
ACME_LETSENCRYPT_HOOKS_DIR={{ letsencrypt_acme_services_scripts_dir }}
|
ACME_LETSENCRYPT_HOOKS_DIR={{ letsencrypt_acme_services_scripts_dir }}
|
||||||
|
ACME_SH_HTTP_BIND_PORT={{ letsencrypt_acme_standalone_port }}
|
||||||
|
ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider }}"
|
||||||
|
|
||||||
ACME_SH_INSTALL_CERTS={{ letsencrypt_acme_sh_explicitly_install_certs }}
|
ACME_SH_INSTALL_CERTS={{ letsencrypt_acme_sh_explicitly_install_certs }}
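Review bot: `ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider }}"` renders the variable's raw value, while the scripts in this commit compare it with the literal `"False"`. The tasks cast the same variable with `| bool`, which suggests inventories may set it as a string such as `false` or `no`. In that case the comparison never matches, and both the port-80 branch and the first-request branch are silently skipped. Render it through the filter so the output is always `True` or `False`: `ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider | bool }}"`. The existing `ACME_SH_INSTALL_CERTS` line has the same exposure.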
|
||||||
|
|
||||||
|
|