gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-04-19 17:01:37 +02:00
Code Issues Projects Releases Wiki Activity

Install certificates

Browse Source
This commit is contained in:
nick 2017-01-24 12:48:41 +02:00
parent 52dbc87e22
commit 9e00589518
2 changed files with 77 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
defaults/main.yml
View File

@ -12,3 +12,8 @@ certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user }}" certbot_auto_renew_user: "{{ ansible_user }}"
certbot_auto_renew_hour: 3 certbot_auto_renew_hour: 3
certbot_auto_renew_minute: 30 certbot_auto_renew_minute: 30
# Install certificates
certbot_email: ""
certbot_domain: ""
certbot_subdomains: []

74
tasks/main.yml
View File

@ -11,11 +11,81 @@
path: "{{ certbot_dir }}/certbot-auto" path: "{{ certbot_dir }}/certbot-auto"
mode: 0755 mode: 0755
- name: Stop nginx
service:
name: nginx
state: stopped
when: drupalvm_webserver == 'nginx'
- name: Stop apache2
service:
name: apache2
state: stopped
when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
- name: Stop httpd
service:
name: httpd
state: stopped
when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
- name: Check if letsencrypt certificate file exists
stat: path="/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
register: r_cert_domain
- name: Run certbot generation for each host
command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ certbot_domain }} -d www.{{ certbot_domain }}"
when: not r_cert_domain.stat.exists
- name: Run certbot generation for additional subdomains
command: "{{ certbot_dir }}/certbot-auto certonly --standalone --email {{ certbot_email }} -d {{ item }}.{{ certbot_domain }}"
with_items: "{{ certbot_subdomains }}"
when: not r_cert_domain.stat.exists
- name: Start nginx
service:
name: nginx
state: started
when: drupalvm_webserver == 'nginx'
- name: Start apache2
service:
name: apache2
state: started
when: drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
- name: Start httpd
service:
name: httpd
state: started
when: drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'
- name: Add cron job for 'certbot-auto renew' (if configured). - name: Add cron job for 'certbot-auto renew' (if configured).
cron: cron:
name: Certbot automatic renewal. name: Certbot automatic renewal.
job: "{{ certbot_dir }}/certbot-auto renew --quiet --no-self-upgrade" job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service nginx stop' --post-hook 'service nginx start'"
minute: "{{ certbot_auto_renew_minute }}" minute: "{{ certbot_auto_renew_minute }}"
hour: "{{ certbot_auto_renew_hour }}" hour: "{{ certbot_auto_renew_hour }}"
user: "{{ certbot_auto_renew_user }}" user: "{{ certbot_auto_renew_user }}"
when: certbot_auto_renew cron_file: certbot-cron
when: certbot_auto_renew and drupalvm_webserver == 'nginx'
- name: Add cron job for 'certbot-auto renew' (if configured).
cron:
name: Certbot automatic renewal.
job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service apache2 stop' --post-hook 'service apache2 start'"
minute: "{{ certbot_auto_renew_minute }}"
hour: "{{ certbot_auto_renew_hour }}"
user: "{{ certbot_auto_renew_user }}"
cron_file: certbot-cron
when: certbot_auto_renew and drupalvm_webserver == 'apache' and ansible_os_family == 'Debian'
- name: Add cron job for 'certbot-auto renew' (if configured).
cron:
name: Certbot automatic renewal.
job: "{{ certbot_dir }}/certbot-auto renew --quiet --agree-tos --pre-hook 'service httpd stop' --post-hook 'service httpd start'"
minute: "{{ certbot_auto_renew_minute }}"
hour: "{{ certbot_auto_renew_hour }}"
user: "{{ certbot_auto_renew_user }}"
cron_file: certbot-cron
when: certbot_auto_renew and drupalvm_webserver == 'apache' and ansible_os_family == 'RedHat'