Install certificates

2025-04-19 17:01:37 +02:00 · 2017-01-24 12:48:41 +02:00 · 2017-01-24 12:48:41 +02:00 · 9e00589518
commit 9e00589518
parent 52dbc87e22
2 changed files with 77 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -12,3 +12,8 @@ certbot_auto_renew: true
 certbot_auto_renew_user: "{{ ansible_user }}"
 certbot_auto_renew_hour: 3
 certbot_auto_renew_minute: 30
+
+# Install certificates
+certbot_email: ""
+certbot_domain: ""
+certbot_subdomains: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -11,11 +11,81 @@
    path: "{{ certbot_dir }}/certbot-auto"
    mode: 0755

+- name: Stop nginx
+  service:
+    name: nginx
+    state: stopped
+  when: drupalvm_webserver == 'nginx'
+
+- name: Stop apache2
+  service:
+    name: apache2
+    state: stopped
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
+
+- name: Stop httpd
+  service:
+    name: httpd
+    state: stopped
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
+
+- name: Check if letsencrypt certificate file exists
+  stat: path="/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
+  register: r_cert_domain
+
+- name: Run certbot generation for each host
+  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ certbot_domain }} -d www.{{ certbot_domain }}"
+  when: not r_cert_domain.stat.exists
+
+- name: Run certbot generation for additional subdomains
+  command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ item }}.{{ certbot_domain }}"
+  with_items: "{{ certbot_subdomains }}"
+  when: not r_cert_domain.stat.exists
+
+- name: Start nginx
+  service:
+    name: nginx
+    state: started
+  when: drupalvm_webserver == 'nginx'
+
+- name: Start apache2
+  service:
+    name: apache2
+    state: started
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
+
+- name: Start httpd
+  service:
+    name: httpd
+    state: started
+  when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
+
 - name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
-    job: "{{ certbot_dir }}/certbot-auto renew --quiet --no-self-upgrade"
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service nginx stop' --post-hook 'service nginx start'"
    minute: "{{ certbot_auto_renew_minute }}"
    hour: "{{ certbot_auto_renew_hour }}"
    user: "{{ certbot_auto_renew_user }}"
-  when: certbot_auto_renew
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'nginx'
+
+- name: Add cron job for 'certbot-auto renew' (if configured).
+  cron:
+    name: Certbot automatic renewal.
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'"
+    minute: "{{ certbot_auto_renew_minute }}"
+    hour: "{{ certbot_auto_renew_hour }}"
+    user: "{{ certbot_auto_renew_user }}"
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'apache'  and ansible_os_family == 'Debian'
+
+- name: Add cron job for 'certbot-auto renew' (if configured).
+  cron:
+    name: Certbot automatic renewal.
+    job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service httpd stop' --post-hook 'service httpd start'"
+    minute: "{{ certbot_auto_renew_minute }}"
+    hour: "{{ certbot_auto_renew_hour }}"
+    user: "{{ certbot_auto_renew_user }}"
+    cron_file: certbot-cron
+  when: certbot_auto_renew and drupalvm_webserver == 'apache'  and ansible_os_family == 'RedHat'