Move 'stop' services to pre-hook and post-hook. This way they will also be stopped and started when renewing.

- remove service stop/start tasks - add pre-hook/post-hook templates - add pre-hook/pos-hook template tasks
2025-04-19 17:01:37 +02:00 · 2019-02-20 11:06:31 +01:00 · 2019-02-20 11:06:31 +01:00 · 1ba6953741
commit 1ba6953741
parent 00dc226101
3 changed files with 45 additions and 13 deletions
--- a/tasks/create-cert-standalone.yml
+++ b/tasks/create-cert-standalone.yml
@ -4,20 +4,24 @@
    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
  register: letsencrypt_cert

- name: Stop services to allow certbot to generate a cert.
-  service:
-    name: "{{ item }}"
-    state: stopped
-  when: not letsencrypt_cert.stat.exists
-  with_items: "{{ certbot_create_standalone_stop_services }}"
+- name: Create pre hook to stop services
+  template:
+    src: stop_services.j2
+    dest: /etc/letsencrypt/renewal-hooks/pre/stop_services
+    owner: root
+    group: root
+    mode: 0750
+  when: certbot_create_standalone_stop_services is defined and certbot_create_standalone_stop_services
+
+- name: create post hook to start services
+  template:
+    src: start_services.j2
+    dest: /etc/letsencrypt/renewal-hooks/post/start_services
+    owner: root
+    group: root
+    mode: 0750
+  when: certbot_create_standalone_stop_services is defined and certbot_create_standalone_stop_services

 - name: Generate new certificate if one doesn't exist.
  command: "{{ certbot_create_command }}"
  when: not letsencrypt_cert.stat.exists
-
- name: Start services after cert has been generated.
-  service:
-    name: "{{ item }}"
-    state: started
-  when: not letsencrypt_cert.stat.exists
-  with_items: "{{ certbot_create_standalone_stop_services }}"
--- a/templates/start_services.j2
+++ b/templates/start_services.j2
@ -0,0 +1,14 @@
+#!/bin/bash
+
+{% for item in certbot_create_standalone_stop_services %}
+echo "starting service {{ item }}"
+{% if ansible_service_mgr == 'systemd' %}
+systemctl start {{ item }}
+{% elif ansible_service_mgr == 'upstart' %}
+initctl start {{ item }}
+{% elif ansible_service_mgr == 'openrc' %}
+rc-service {{ item }} start
+{% else %}
+service {{ item }} start
+{% endif %}
+{% endfor %}
--- a/templates/stop_services.j2
+++ b/templates/stop_services.j2
@ -0,0 +1,14 @@
+#!/bin/bash
+
+{% for item in certbot_create_standalone_stop_services %}
+echo "stopping service {{ item }}"
+{% if ansible_service_mgr == 'systemd' %}
+systemctl stop {{ item }}
+{% elif ansible_service_mgr == 'upstart' %}
+initctl stop {{ item }}
+{% elif ansible_service_mgr == 'openrc' %}
+rc-service {{ item }} stop
+{% else %}
+service {{ item }} stop
+{% endif %}
+{% endfor %}