From 11df14f31d260c5a41a57925c9f9fd23781c01a2 Mon Sep 17 00:00:00 2001
From: Thiago Almeida
Date: Sun, 25 Oct 2020 12:31:38 +0100
Subject: [PATCH] Removed unnecessary logic for certbot standalone
---
 README.md | 9 ---------
 defaults/main.yml | 9 ++-------
 molecule/default/playbook-standalone-nginx-aws.yml | 1 -
 tasks/create-cert-standalone.yml | 14 --------------
 4 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index d959321..56e12f1 100644
--- a/README.md
+++ b/README.md
@@ -51,15 +51,6 @@ A list of domains (and other data) for which certs should be generated. You can
 The `certbot_create_command` defines the command used to generate the cert.
-#### Standalone Certificate Generation
-
- certbot_create_standalone_stop_services:
- - nginx
-
-Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated.
-
-These services will only be stopped the first time a new cert is generated.
-
 ### Source Installation from Git
 You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).
diff --git a/defaults/main.yml b/defaults/main.yml
index 52f2c68..aea5f0c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,14 +2,14 @@
 # Certbot auto-renew cron job configuration (for certificate renewals).
 certbot_test: false
 certbot_auto_renew: true
-certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+certbot_auto_renew_user: root
 certbot_auto_renew_hour: "3"
 certbot_auto_renew_minute: "30"
 certbot_auto_renew_options: >-
 --quiet --no-self-upgrade --dns-route53 {%if certbot_test%}--test{%endif%}
 # Parameters used when creating new Certbot certs.
-certbot_create_if_missing: false
+certbot_create_if_missing: true
 certbot_create_method: certonly
 certbot_admin_email: email@example.com
 certbot_certs: []
@@ -24,11 +24,6 @@ certbot_create_command: >-
 --email {{ cert_item.email | default(certbot_admin_email) }} --dns-route53 -d {{ cert_item.domains | join(",") }} {%if certbot_test%}--test{%endif%}
-certbot_create_standalone_stop_services:
- - nginx
- # - apache
- # - varnish
-
 # To install from source (on older OSes or if you need a specific or newer
 # version of Certbot), set this variable to `yes` and configure other options.
 certbot_install_from_source: false
diff --git a/molecule/default/playbook-standalone-nginx-aws.yml b/molecule/default/playbook-standalone-nginx-aws.yml
index 535fc89..8e3182c 100644
--- a/molecule/default/playbook-standalone-nginx-aws.yml
+++ b/molecule/default/playbook-standalone-nginx-aws.yml
@@ -89,7 +89,6 @@
 vars:
 certbot_admin_email: https@servercheck.in
 certbot_create_if_missing: true
-certbot_create_standalone_stop_services: []
 certbot_certs:
 - domains:
 - certbot-test.servercheck.in
diff --git a/tasks/create-cert-standalone.yml b/tasks/create-cert-standalone.yml
index 6f25b8a..27d065f 100644
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
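Review bot: The first `defaults/main.yml` hunk changes two defaults that the commit subject does not mention and that carry no explanatory comment: `certbot_auto_renew_user` becomes `root` and `certbot_create_if_missing` becomes `true`. Since the renew options use `--dns-route53`, the cron job presumably resolves AWS credentials from root's environment, so users who relied on `ansible_user` get a different and possibly more privileged account without opting in; likewise any host with a non-empty `certbot_certs` will now request certificates on its next run. I would add a comment above each, e.g. `# Renewal cron runs as root by default; override to use a dedicated account.` and `# Certs in certbot_certs are requested when missing; set to false to opt out.`, and record both changes in the commit message. If the README documents the old defaults (not visible in this patch), it needs the same update.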
@@ -4,20 +4,6 @@
 path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
 register: letsencrypt_cert
-- name: Stop services to allow certbot to generate a cert.
- service:
- name: "{{ item }}"
- state: stopped
- when: not letsencrypt_cert.stat.exists
- with_items: "{{ certbot_create_standalone_stop_services }}"
-
 - name: Generate new certificate if one doesn't exist.
 command: "{{ certbot_create_command }}"
 when: not letsencrypt_cert.stat.exists
-
-- name: Start services after cert has been generated.
- service:
- name: "{{ item }}"
- state: started
- when: not letsencrypt_cert.stat.exists
- with_items: "{{ certbot_create_standalone_stop_services }}"