mirror of
https://github.com/geerlingguy/ansible-role-certbot.git
synced 2025-04-19 17:01:37 +02:00
Merge 7ac32bda338f4161ce0a1c6795a206d159d1f617 into fdba1c435251341af7fbdfc44b276daafdea632f
This commit is contained in:
Yoan Tournade
GitHub
commit
52c25af0df
@ -19,7 +19,7 @@ certbot_certs: []
|
|||||||
# - example3.com
|
# - example3.com
|
||||||
certbot_create_command: >-
|
certbot_create_command: >-
|
||||||
{{ certbot_script }} certonly --standalone --noninteractive --agree-tos
|
{{ certbot_script }} certonly --standalone --noninteractive --agree-tos
|
||||||
--email {{ cert_item.email | default(certbot_admin_email) }}
|
--expand --email {{ cert_item.email | default(certbot_admin_email) }}
|
||||||
-d {{ cert_item.domains | join(',') }}
|
-d {{ cert_item.domains | join(',') }}
|
||||||
|
|
||||||
certbot_create_standalone_stop_services:
|
certbot_create_standalone_stop_services:
|
||||||
|
|||||||
@ -1,23 +1,28 @@
|
|||||||
---
|
---
|
||||||
- name: Check if certificate already exists.
|
- name: Check if certificate exists or has been changed.
|
||||||
stat:
|
import_tasks: test-cert-exists.yml
|
||||||
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
|
|
||||||
register: letsencrypt_cert
|
|
||||||
|
|
||||||
- name: Stop services to allow certbot to generate a cert.
|
- name: Stop services to allow certbot to generate a cert.
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: stopped
|
state: stopped
|
||||||
when: not letsencrypt_cert.stat.exists
|
when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
|
||||||
with_items: "{{ certbot_create_standalone_stop_services }}"
|
with_items: "{{ certbot_create_standalone_stop_services }}"
|
||||||
|
|
||||||
- name: Generate new certificate if one doesn't exist.
|
- name: Generate new certificate if one doesn't exist.
|
||||||
command: "{{ certbot_create_command }}"
|
shell: "{{ certbot_create_command }}"
|
||||||
when: not letsencrypt_cert.stat.exists
|
when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
|
||||||
|
|
||||||
|
- name: Persist domain list to /etc/letsencrypt/domains-{{ cert_item.domains | first }}.
|
||||||
|
copy:
|
||||||
|
dest: /etc/letsencrypt/domains-{{ cert_item.domains | first }}.json
|
||||||
|
# Add a space here because of https://github.com/ansible/ansible/issues/6077
|
||||||
|
content: " {{ cert_item.domains | to_json }}\n"
|
||||||
|
when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
|
||||||
|
|
||||||
- name: Start services after cert has been generated.
|
- name: Start services after cert has been generated.
|
||||||
service:
|
service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: started
|
state: started
|
||||||
when: not letsencrypt_cert.stat.exists
|
when: not letsencrypt_cert_exists.stat.exists or letsencrypt_cert_updated
|
||||||
with_items: "{{ certbot_create_standalone_stop_services }}"
|
with_items: "{{ certbot_create_standalone_stop_services }}"
|
||||||
|
|||||||
19
tasks/test-cert-exists.yml
Normal file
19
tasks/test-cert-exists.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
- name: Check if certificate already exists.
|
||||||
|
stat:
|
||||||
|
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
|
||||||
|
register: letsencrypt_cert_exists
|
||||||
|
|
||||||
|
- name: Check if certificate domain list has changed.
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/letsencrypt/domains-{{ cert_item.domains | first | replace('*.', '') }}.json
|
||||||
|
line: " {{ cert_item.domains | to_json }}"
|
||||||
|
state: present
|
||||||
|
create: true
|
||||||
|
check_mode: true
|
||||||
|
register: letsencrypt_cert_contents
|
||||||
|
when: letsencrypt_cert_exists.stat.exists
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
letsencrypt_cert_updated: "{{ (letsencrypt_cert_contents is changed) or (letsencrypt_cert_contents is failed) }}"
|
||||||
|
when: letsencrypt_cert_exists.stat.exists
|
||||||
Loading…
x
Reference in New Issue
Block a user
