Request the certificates as root to bind port 80. Install the certificates after having obtained them, by default.
parent
29e44b27a8
commit
1289862b9a
|
@ -44,7 +44,7 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_sh_certificates_install_path }}
|
|||
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
|
||||
letsencrypt_acme_sh_services_scripts_dir: '{{ letsencrypt_acme_services_scripts_dir }}'
|
||||
|
||||
letsencrypt_acme_sh_explicitly_install_certs: False
|
||||
letsencrypt_acme_sh_explicitly_install_certs: True
|
||||
|
||||
# ECC is better, but most old distributions fail on them
|
||||
letsencrypt_acme_sh_use_ecc: False
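Review bot: The flipped default for `letsencrypt_acme_sh_explicitly_install_certs` carries no comment, unlike the ECC setting just below it, so a reader of the defaults cannot tell what changes for hosts that inherit the new value. The tasks that consume the variable are not visible in this hunk, so the wording needs checking against them, but a line such as `# Install the issued certificates right after the request (presumably replaces the former handler)` above the variable would cover it. Writing the value as lowercase `true` would also avoid YAML 1.1 truthy ambiguity, although the file uses `True`/`False` throughout.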
|
||||
|
|
|
@ -74,25 +74,24 @@
|
|||
- name: Create the letsencrypt acme.sh configuration
|
||||
template: src=account.conf.j2 dest={{ letsencrypt_acme_sh_base_data_dir }}/data/account.conf mode=0640
|
||||
|
||||
- name: Request the certificates
|
||||
shell: /usr/local/bin/acme-sh-request-cert
|
||||
#args:
|
||||
# creates: '{{ letsencrypt_acme_sh_base_data_dir }}/data/ok_certificate_issued'
|
||||
register: acme_sh_certificate_issued
|
||||
when: acme_sh_issue is changed
|
||||
notify: Install the requested certificates
|
||||
ignore_errors: True
|
||||
|
||||
- name: Remove the daily cron job that run as acme user.
|
||||
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1" state=absent
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ]
|
||||
|
||||
become: True
|
||||
become_user: '{{ letsencrypt_acme_sh_user }}'
|
||||
when: letsencrypt_acme_sh_install
|
||||
when: letsencrypt_acme_sh_install | bool
|
||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
||||
|
||||
- block:
|
||||
- name: Request the certificates. As root because we must bind on port 80
|
||||
shell: /usr/local/bin/acme-sh-request-cert
|
||||
#args:
|
||||
# creates: '{{ letsencrypt_acme_sh_base_data_dir }}/data/ok_certificate_issued'
|
||||
register: acme_sh_certificate_issued
|
||||
when: acme_sh_issue is changed
|
||||
ignore_errors: True
|
||||
|
||||
- name: Check if the 'live' path is a symling. It is, if acmetool was installed
|
||||
stat: path={{ letsencrypt_acme_sh_certificates_install_path }}
|
||||
register: is_symlink
|
||||
|
@ -112,5 +111,5 @@
|
|||
- acme_sh_certificate_issued is changed
|
||||
ignore_errors: True
|
||||
|
||||
when: letsencrypt_acme_sh_install
|
||||
when: letsencrypt_acme_sh_install | bool
|
||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
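Review bot: Moving `Request the certificates` out of the `become_user: '{{ letsencrypt_acme_sh_user }}'` block means `/usr/local/bin/acme-sh-request-cert` now runs, per its new task name, with full root privileges only so that it can bind port 80. If that script, or anything it reads such as `account.conf` under `letsencrypt_acme_sh_base_data_dir`, is writable by the acme user, that account gains a path to root; the ownership of those files is not visible here and should be checked. A narrower option is to keep the task unprivileged and grant only the port-binding capability, or at least to add a comment such as `# runs as root: the script and every file it sources must be root-owned and not writable by the acme user`. Separately, `ignore_errors: True` on this task combined with the later `- acme_sh_certificate_issued is changed` condition likely lets the install steps run after a failed request, since a failed `shell` task still reports changed; adding `- acme_sh_certificate_issued is not failed` to that list would close it. The enclosing `block:` continues between the second and third hunk, outside the visible lines.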
|
||||
|
|