forked from ISTI-ansible-roles/ansible-roles
Remove duplicates from the acme.sh env. Add tags that make it possible to install the scripts without executing them.
parent
1bcd77e306
commit
9b4f3d3d46
|
@ -31,15 +31,19 @@
|
|||
- name: Install the acme.sh environment variables file
|
||||
template: src=acme_sh_request_env.j2 dest=/etc/default/acme_sh_request_env owner=root group=root mode=0444
|
||||
register: acme_sh_issue
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_env' ]
|
||||
|
||||
- name: Install the script that initializes the acme.sh environment
|
||||
copy: src=acme-sh-install dest=/usr/local/bin/acme-sh-install owner=root group=acme mode=0750
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Install a script that issues the certificates
|
||||
copy: src=acme-sh-request-cert dest=/usr/local/bin/acme-sh-request-cert owner=root group=acme mode=0750
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Install a script that installs the issued certificates
|
||||
copy: src=acme-sh-install-certs dest=/usr/local/bin/acme-sh-install-certs owner=root group=acme mode=0750
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Install the script that will run the services hooks when a certificate is installed
|
||||
template: src=acme-services-hook.j2 dest=/usr/local/bin/acme-services-hook owner=root group=acme mode=0750
|
||||
|
@ -49,13 +53,13 @@
|
|||
with_items:
|
||||
- acme-sh-cron-script
|
||||
- acme-sh-cron-command
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ]
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
- name: Install a daily cron job to renew the certificates when needed. It runs as root
|
||||
cron: name="Letsencrypt certificate renewal" day={{ letsencrypt_acme_cron_day_of_month }} hour={{ letsencrypt_acme_cron_hour }} minute={{ letsencrypt_acme_cron_minute }} job="/usr/local/bin/acme-sh-cron-script > {{ letsencrypt_acme_sh_log_dir }}/acme-cron.log 2>&1"
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ]
|
||||
tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh', 'letsencrypt_acme_sh_scripts' ]
|
||||
|
||||
when: letsencrypt_acme_sh_install
|
||||
when: letsencrypt_acme_sh_install | bool
|
||||
tags: [ 'letsencrypt', 'letsencrypt_acme_sh' ]
|
||||
|
||||
- block:
|
||||
|
|
|
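Review bot: The new `letsencrypt_acme_sh_scripts` tag also ends up on the task "Install a daily cron job to renew the certificates when needed. It runs as root", so a play limited to that tag still schedules `/usr/local/bin/acme-sh-cron-script` to run as root. That appears to contradict the stated goal of installing the scripts without executing them. If it is not intended, keep the cron task on its previous list, `tags: [ 'letsencrypt', 'letsencrypt_cron', 'letsencrypt_acme_sh' ]`, and put the new tag only on the copy/template tasks. Which of the two printed `tags:` lines is the new one is inferred from print order. The tags of the `acme-services-hook` task fall between the two hunks and are not visible, so it is worth confirming that task carries the scripts tag as well.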
@ -26,15 +26,15 @@ ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_h
|
|||
#
|
||||
# Certificate issue options
|
||||
#
|
||||
ACME_SH_ISSUE_CERT_REQUEST="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
||||
ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
||||
{% if letsencrypt_acme_sh_ocsp_must_staple %}
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --ocsp"
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
|
||||
{% endif %}
|
||||
{% if letsencrypt_acme_sh_use_syslog %}
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --syslog {{ letsencrypt_acme_sh_syslog_level }}"
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --syslog {{ letsencrypt_acme_sh_syslog_level }}"
|
||||
{% endif %}
|
||||
{% if letsencrypt_acme_sh_test_request %}
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST --test"
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --test"
|
||||
{% endif %}
|
||||
|
||||
ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport {{ letsencrypt_acme_standalone_port }} {% endif %} {% endfor %}"
|
||||
|
@ -42,10 +42,10 @@ ACME_SH_ISSUE_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ d
|
|||
ACME_SH_FIRST_REQUEST_CERT_DOMAINS="{% for dom in letsencrypt_acme_sh_domains %} -d {{ dom.domain }} {% if dom.dns_provider is defined %} --dns {{ dom.dns_provider }} {% if dom.dns_alias_challenge is defined %} --challenge-alias {{ dom.dns_alias_challenge }} {% endif %} {% endif %} {% if dom.standalone is defined %} --standalone --httpport 80 {% endif %} {% endfor %}"
|
||||
|
||||
# The complete command line to issue a certificate
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_ISSUE_CERT_DOMAINS"
|
||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS $ACME_SH_ISSUE_CERT_DOMAINS"
|
||||
|
||||
# The complete command line to issue a certificate. The first time we have to use port 80 when not using the dns protocol
|
||||
ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"
|
||||
ACME_SH_FIRST_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS $ACME_SH_FIRST_REQUEST_CERT_DOMAINS"
|
||||
|
||||
#
|
||||
# Certificate install options
|
||||
|
|
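Review bot: The conditional lines for `--ocsp`, `--syslog` and `--test` still assign to `ACME_SH_ISSUE_CERT_REQUEST`, but the later line `ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS $ACME_SH_ISSUE_CERT_DOMAINS"` rebuilds that variable from the options variable alone, and `ACME_SH_FIRST_CERT_REQUEST` does the same. As written, the three flags appear to be dropped from both final command lines. Enabling OCSP must-staple would then silently have no effect on issued certificates, and enabling `letsencrypt_acme_sh_test_request` would no longer add `--test` to the request. Each conditional should append to the options variable instead, e.g. `ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"`, with the same change on the `--syslog {{ letsencrypt_acme_sh_syslog_level }}` and `--test` lines. Appending also stops one enabled option from overwriting another. The template continues outside both hunks, so this should be checked against the full file.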