forked from ISTI-ansible-roles/ansible-roles
Fix the behaviour when we request the certificate via http.
parent
2da5d26ef6
commit
d019c0d8cd
|
@ -9,6 +9,8 @@ letsencrypt_acme_user_home: /var/lib/acme
|
|||
letsencrypt_acme_git_dest_dir: '{{ letsencrypt_acme_user_home }}/acme_sh_dist'
|
||||
letsencrypt_acme_sh_user_home: '{{ letsencrypt_acme_user_home }}'
|
||||
letsencrypt_acme_sh_base_data_dir: '{{ letsencrypt_acme_sh_user_home }}/acme_data'
|
||||
letsencrypt_acme_sh_certs_data_prefix: '{{ ansible_fqdn }}'
|
||||
letsencrypt_acme_sh_certs_data_path: '{{ letsencrypt_acme_sh_base_data_dir }}/certs/{{ letsencrypt_acme_sh_certs_data_prefix }}'
|
||||
letsencrypt_acme_sh_certificates_install_dir: '{{ ansible_fqdn }}'
|
||||
letsencrypt_acme_sh_certificates_install_base_path: '{{ letsencrypt_acme_sh_user_home }}/live'
|
||||
letsencrypt_acme_sh_certificates_install_path: '{{ letsencrypt_acme_sh_certificates_install_base_path }}/{{ letsencrypt_acme_sh_certificates_install_dir }}'
|
||||
|
|
|
@ -13,7 +13,12 @@ else
|
|||
fi
|
||||
|
||||
chown -R acme:acme "$ACME_SH_HOME"
|
||||
if [ "$ACME_SH_HTTP_BIND_PORT" -eq 80 ] && [ "$ACME_SH_USE_DNS_PROVIDER" == "False" ] ; then
|
||||
/usr/local/bin/acme-sh-cron-command
|
||||
chown -R acme:acme "$ACME_SH_HOME"
|
||||
else
|
||||
sudo -u acme -s /bin/bash /usr/local/bin/acme-sh-cron-command
|
||||
fi
|
||||
|
||||
if [ "$ACME_SH_INSTALL_CERTS" == "True" ] ; then
|
||||
$ACME_SH_BIN $ACME_SH_INSTALL_CERT_REQUEST > "$ACME_SH_INSTALL_LOG_FILE" 2>&1
|
||||
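Review bot: The branch taken when `ACME_SH_HTTP_BIND_PORT` is 80 and no DNS provider is used calls `/usr/local/bin/acme-sh-cron-command` without the `sudo -u acme` wrapper that the other branch keeps. The whole ACME client therefore presumably runs as the invoking user (root, if this script is started from root's context) over a tree the acme account can write. The reason should at least be recorded above the test, e.g. `# Standalone HTTP-01 on port 80 needs a privileged bind, so only this path runs as root; ownership is handed back below.`; a narrower option is to keep the acme account and grant it only the low-port bind. The exit status of the request is not checked in either branch before the install step runs. Indentation and the +/- column are lost in this rendering, so which of these lines are new is inferred from the hunk counts.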
|
|
|
@ -17,7 +17,7 @@ else
|
|||
fi
|
||||
RETVAL=
|
||||
|
||||
if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
|
||||
if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] && [ "$ACME_SH_USE_DNS_PROVIDER" == "False" ] ; then
|
||||
# First request. Try to shut down all the services running on port 80
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
/bin/systemctl stop nginx >/dev/null 2>&1
|
||||
|
@ -30,6 +30,15 @@ if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] ; then
|
|||
fi
|
||||
$ACME_SH_BIN $ACME_SH_FIRST_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
||||
RETVAL=$?
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
/bin/systemctl start nginx >/dev/null 2>&1
|
||||
/bin/systemctl start apache2 >/dev/null 2>&1
|
||||
/bin/systemctl start httpd >/dev/null 2>&1
|
||||
else
|
||||
service nginx start
|
||||
service apache2 start
|
||||
service httpd start
|
||||
fi
|
||||
else
|
||||
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
||||
RETVAL=$?
|
||||
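Review bot: The restart block after `RETVAL=$?` in the first-request path starts nginx, apache2 and httpd unconditionally, so a web server that is installed but was deliberately stopped or disabled ends up listening after the run. Recording the state before the stop keeps the host as it was: `/bin/systemctl is-active --quiet nginx && NGINX_WAS_UP=1` ahead of the stop, then `[ -n "$NGINX_WAS_UP" ] && /bin/systemctl start nginx` here, and likewise for the other two services. The `service … start` fallback also lacks the `>/dev/null 2>&1` used on the systemctl lines, so its output will land in the cron mail or log. The matching stop commands lie partly outside the visible hunks, so the stop side of this suggestion is not checked against the full script.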
|
|
|
@ -114,10 +114,20 @@
|
|||
- name: Install the certificates
|
||||
shell: /usr/local/bin/acme-sh-install-certs
|
||||
when:
|
||||
- letsencrypt_acme_sh_explicitly_install_certs
|
||||
- letsencrypt_acme_sh_explicitly_install_certs | bool
|
||||
- acme_sh_certificate_issued is defined
|
||||
- acme_sh_certificate_issued is changed
|
||||
ignore_errors: True
|
||||
|
||||
- name: Fix the http port in the configuration. Needed when we renew using the http protocol and we are behind a web server
|
||||
lineinfile:
|
||||
path: '{{ letsencrypt_acme_sh_certs_data_path }}/{{ letsencrypt_acme_sh_certs_data_prefix }}.conf'
|
||||
create: no
|
||||
state: present
|
||||
regexp: "^Le_HTTPPort="
|
||||
line: "Le_HTTPPort='{{ letsencrypt_acme_standalone_port }}'"
|
||||
when: not letsencrypt_acme_sh_use_dns_provider | bool
|
||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_http_port' ]
|
||||
|
||||
when: letsencrypt_acme_sh_install | bool
|
||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
||||
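Review bot: The `lineinfile` task sets `create: no` on a path built from `letsencrypt_acme_sh_certs_data_prefix`, so it fails the play whenever that `.conf` file is absent. That can happen if issuance failed earlier, since the install step above carries `ignore_errors: True`, or, as an inference not verifiable from this page, if acme.sh names the directory after a domain other than the prefix. A preceding `stat` on the same path, with `acme_conf.stat.exists` added to this task's `when` (`acme_conf` being a placeholder register name), would turn the missing-file case into a skip. `create: no` and `ignore_errors: True` are also better written as `false` and `true`, which parse the same under every YAML loader.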
|
|
|
@ -1,5 +1,5 @@
|
|||
{% if letsencrypt_acme_sh_log_enabled %}
|
||||
LOG_FILE="{{ letsencrypt_acme_sh_base_data_dir }}/logs"
|
||||
LOG_FILE="{{ letsencrypt_acme_sh_base_data_dir }}/logs/cert_request.log"
|
||||
LOG_LEVEL=1
|
||||
{% endif %}
|
||||
|
||||
|
|
|
@ -11,6 +11,8 @@ ACME_SH_CRON_LOG_FILE={{ letsencrypt_acme_sh_base_data_dir }}/logs/cron.log
|
|||
ACME_SH_INSTALL_LOG_FILE={{ letsencrypt_acme_sh_log_dir }}/cert_install.log
|
||||
ACME_SH_GIT_DIST_DIR={{ letsencrypt_acme_git_dest_dir }}
|
||||
ACME_LETSENCRYPT_HOOKS_DIR={{ letsencrypt_acme_services_scripts_dir }}
|
||||
ACME_SH_HTTP_BIND_PORT={{ letsencrypt_acme_standalone_port }}
|
||||
ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider }}"
|
||||
|
||||
ACME_SH_INSTALL_CERTS={{ letsencrypt_acme_sh_explicitly_install_certs }}
|
||||
|
||||
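Review bot: `ACME_SH_USE_DNS_PROVIDER` is rendered from the raw variable, while the scripts in this commit compare it with the literal string `False`. If the inventory supplies `false`, `no` or a quoted string, the test silently fails and the HTTP path (privileged run on port 80, web-server stop and start) is skipped. Rendering through the filter makes the value canonical: `ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider | bool }}"`. `ACME_SH_INSTALL_CERTS` below is compared with `True` in the same way and would benefit from the same filter. `ACME_SH_HTTP_BIND_PORT` is tested with `-eq`, which errors on an empty value, so a default for `letsencrypt_acme_standalone_port` should be confirmed.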
|
|