Remove the role that installed the old letsencrypt client.

This commit is contained in:
Andrea Dell'Amico 2017-11-19 16:40:43 +01:00
parent 3af64a4559
commit f543de7448
5 changed files with 0 additions and 146 deletions

View File

@ -1,33 +0,0 @@
---
letsencrypt_install: False
letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt'
letsencrypt_dest_dir: /opt
letsencrypt_update_repo: True
letsencrypt_prerequisites:
- git
- bc
letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto'
letsencrypt_install_path: /root/.local/share/letsencrypt
letsencrypt_config_dir: /etc/letsencrypt
letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}'
# In seconds. Default 7 days
letsencrypt_renew_before: 604800
letsencrypt_logdir: /var/log/letsencrypt
# The various services maintainers need to put the reconfigure/restart scripts there
letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt
# cli.ini parameters
letsencrypt_rsa_key_size: 4096
letsencrypt_email: sysadmin@example.com
letsencrypt_authenticator: standalone
letsencrypt_standalone_supp_challenges: 'http-01'
letsencrypt_agree_tos: True
letsencrypt_verbose: False
letsencrypt_text_interface: True
# The first on the list gives the name to the certs live directory.
# If it is not the machine FQDN, change the letsencrypt_cert_dir definition.
letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org'
letsencrypt_renew_by_default: True
letsencrypt_standalone_port: 9999

View File

@ -1,50 +0,0 @@
---
- name: Install the letsencrypt package dependencies
apt: name={{ item }} state=present
with_items: '{{ letsencrypt_prerequisites }}'
when: letsencrypt_install
tags: letsencrypt
- name: Get the letsencrypt client
git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }}
with_items: '{{ letsencrypt_prerequisites }}'
when: letsencrypt_install
tags: letsencrypt
- name: letsencrypt initializaztion
command: '{{ letsencrypt_auto }}'
args:
creates: '{{ letsencrypt_install_path }}/bin/letsencrypt'
when: letsencrypt_install
tags: letsencrypt
- name: Create the letsencrypt config directory
file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755
when: letsencrypt_install
tags: letsencrypt
- name: Create the letsencrypt services scripts directory
file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755
when: letsencrypt_install
tags: letsencrypt
- name: Install the letsencrypt cli.ini file
template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640
when: letsencrypt_install
tags: letsencrypt
- name: Install a default file that shell scripts can include
template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644
when: letsencrypt_install
tags: letsencrypt
- name: Install the command that asks for the certificates and their renewal
template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550
when: letsencrypt_install
tags: letsencrypt
- name: Install a daily cron job to renew the certificates when needed
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1"
when: letsencrypt_install
tags: letsencrypt

View File

@ -1,10 +0,0 @@
rsa-key-size = {{ letsencrypt_rsa_key_size }}
email = {{ letsencrypt_email }}
authenticator = {{ letsencrypt_authenticator }}
standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }}
agree-tos = {{ letsencrypt_agree_tos }}
{% if letsencrypt_verbose %}
verbose = {{ letsencrypt_verbose }}
{% endif %}
text = {{ letsencrypt_text_interface }}
renew-by-default = {{ letsencrypt_renew_by_default }}

View File

@ -1,45 +0,0 @@
#!/bin/bash
RENEW_BEFORE={{ letsencrypt_renew_before }}
LETSENCRYPT_BIN={{ letsencrypt_auto }}
LE_CERT_DIR={{ letsencrypt_certs_dir }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LOG_DIR={{ letsencrypt_logdir }}
VALIDITY_RETVAL=0
DOMAINS="{{ letsencrypt_domains }}"
CERT_DOMAINS_LIST=
ACTION=certonly
RETVAL=0
# Check if the cert file exists. If not, it is a certificate request and not a renewal.
if [ -f $LE_CERT_DIR/cert.pem ] ; then
VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
VALIDITY_RETVAL=$?
if [ $VALIDITY_RETVAL -eq 0 ] ; then
echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
exit 0
else
ACTION=renew
fi
fi
if [ "$ACTION" === "certonly" ] ; then
for dom in $DOMAINS ; do
CERT_DOMAINS_LIST+=" -d $dom"
done
fi
# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
RETVAL=$?
# Run the reconfiguration scripts to make the involved services load the new certificate
for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
$LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
fi
done
exit 0

View File

@ -1,8 +0,0 @@
RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }}
LE_EMAIL={{ letsencrypt_email }}
LE_AUTHENTICATOR={{ letsencrypt_authenticator }}
LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LE_COMMAND={{ letsencrypt_auto }}
LE_CERTS_DIR={{ letsencrypt_certs_dir }}
LE_LOG_DIR={{ letsencrypt_logdir }}