gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-04-19 17:01:37 +02:00
Code Issues Projects Releases Wiki Activity

Issue #12: Add basic standalone certbot cert generation.

Browse Source
This commit is contained in:
Jeff Geerling 2017-12-06 22:48:30 -06:00
parent 574c0843c8
commit 7651f0ac0b
4 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
defaults/main.yml
View File

@ -6,6 +6,22 @@ certbot_auto_renew_hour: 3
certbot_auto_renew_minute: 30 certbot_auto_renew_minute: 30
certbot_auto_renew_options: "--quiet --no-self-upgrade" certbot_auto_renew_options: "--quiet --no-self-upgrade"
# Parameters used when creating new Certbot certs.
certbot_admin_email: email@example.com
certbot_create_command: "{{ certbot_script }} certonly --standalone --noninteractive --agree-tos --email {{ item.email | default(certbot_admin_email) }} -d {{ item.domains | join(',') }}"
certbot_create_if_missing: no
certbot_create_stop_services:
- nginx
# - apache
# - varnish
certbot_certs: []
# - email: janedoe@example.com
# domains:
# - example1.com
# - example2.com
# - domains:
# - example3.com
# To install from source (on older OSes or if you need a specific or newer # To install from source (on older OSes or if you need a specific or newer
# version of Certbot), set this variable to `yes` and configure other options. # version of Certbot), set this variable to `yes` and configure other options.
certbot_install_from_source: no certbot_install_from_source: no

23
tasks/create-cert-standalone.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: Check if certificate already exists.
stat:
path: /etc/letsencrypt/live/{{ item.domains | first }}/cert.pem
register: letsencrypt_cert
- name: Stop services to allow certbot to generate a cert.
service:
name: "{{ item }}"
state: stopped
when: not letsencrypt_cert.stat.exists
with_items: certbot_create_stop_services
- name: Generate new certificate if one doesn't exist.
shell: "{{ certbot_create_command }}"
when: not letsencrypt_cert.stat.exists
- name: Start services after cert has been generated.
service:
name: "{{ item }}"
state: started
when: not letsencrypt_cert.stat.exists
with_items: certbot_create_stop_services

4
tasks/main.yml
View File

@ -7,5 +7,9 @@
- include: install-from-source.yml - include: install-from-source.yml
when: certbot_install_from_source when: certbot_install_from_source
- include: create-cert-standalone.yml
with_items: "{{ certbot_certs }}"
when: certbot_create_if_missing
- include: renew-cron.yml - include: renew-cron.yml
when: certbot_auto_renew when: certbot_auto_renew

28
tests/test-nginx-aws.yml Normal file
View File

@ -0,0 +1,28 @@
---
- hosts: all
vars:
certbot_admin_email: https@servercheck.in
certbot_create_if_missing: yes
certbot_create_stop_services:
- nginx
certbot_certs:
- domains:
- certbot-test.servercheck.in
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install cron (RedHat).
yum: name=cronie state=present
when: ansible_os_family == 'RedHat'
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- role_under_test