Removed unnecessary logic for certbot standalone

Thiago Almeida 2020-10-25 12:31:38 +01:00
parent a2cd3d7f4f
commit 11df14f31d
4 changed files with 2 additions and 31 deletions


@ -51,15 +51,6 @@ A list of domains (and other data) for which certs should be generated. You can
The `certbot_create_command` defines the command used to generate the cert.
#### Standalone Certificate Generation
certbot_create_standalone_stop_services:
- nginx
Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated.
These services will only be stopped the first time a new cert is generated.
### Source Installation from Git
You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).


@ -2,14 +2,14 @@
# Certbot auto-renew cron job configuration (for certificate renewals).
certbot_test: false
certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_user: root
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: >-
--quiet --no-self-upgrade --dns-route53 {%if certbot_test%}--test{%endif%}
# Parameters used when creating new Certbot certs.
certbot_create_if_missing: false
certbot_create_if_missing: true
certbot_create_method: certonly
certbot_admin_email: email@example.com
certbot_certs: []
@ -24,11 +24,6 @@ certbot_create_command: >-
--email {{ cert_item.email | default(certbot_admin_email) }} --dns-route53
-d {{ cert_item.domains | join(",") }} {%if certbot_test%}--test{%endif%}
certbot_create_standalone_stop_services:
- nginx
# - apache
# - varnish
# To install from source (on older OSes or if you need a specific or newer
# version of Certbot), set this variable to `yes` and configure other options.
certbot_install_from_source: false
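Review bot: The default `certbot_auto_renew_user: root` in the first hunk (apparently replacing the `ansible_user` lookup) makes the renewal cron job run as root with `--dns-route53`, so the AWS credentials the plugin needs must be available to root, and nothing in the defaults says so. I would add a comment above the variable, for example `# Renewal runs as root; the Route 53 credentials it uses should be limited to the hosted zones being validated.` In the same hunk `certbot_create_if_missing` now appears to default to `true` while `certbot_admin_email` is still the placeholder `email@example.com`, so a play that fills `certbot_certs` without an email would register the ACME account under an address nobody reads and miss expiry notices; keeping the default `false` or asserting that the email was overridden would avoid that. Which of each duplicated key is the new value is inferred from the commit's count of 2 additions, since the page lost its +/- markers.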


@ -89,7 +89,6 @@
vars:
certbot_admin_email: https@servercheck.in
certbot_create_if_missing: true
certbot_create_standalone_stop_services: []
certbot_certs:
- domains:
- certbot-test.servercheck.in


@ -4,20 +4,6 @@
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
register: letsencrypt_cert
- name: Stop services to allow certbot to generate a cert.
service:
name: "{{ item }}"
state: stopped
when: not letsencrypt_cert.stat.exists
with_items: "{{ certbot_create_standalone_stop_services }}"
- name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}"
when: not letsencrypt_cert.stat.exists
- name: Start services after cert has been generated.
service:
name: "{{ item }}"
state: started
when: not letsencrypt_cert.stat.exists
with_items: "{{ certbot_create_standalone_stop_services }}"