optimize renewal-hook creation: run it only once and not per domain

4 years ago · bd58f8e72c
parent 123facdbab
commit bd58f8e72c
3 changed files with 18 additions and 14 deletions
--- a/tasks/create-cert-webroot.yml
+++ b/tasks/create-cert-webroot.yml
@ -4,20 +4,6 @@
    path: /etc/letsencrypt/live/{{ cert_item.domains | first }}/cert.pem
  register: letsencrypt_cert
 - name: Ensure deploy hook directory exists
  file:
    path: /etc/letsencrypt/renewal-hooks/deploy
    state: directory
    mode: 0755
 - name: Create deploy hook
  copy:
    content: "{{ certbot_deployhook }}"
    dest: /etc/letsencrypt/renewal-hooks/deploy/ansible.sh
    mode: u+rwx
  run_once: true
  when: certbot_deployhook is defined
 - name: Create webroot directory if it doesn't exist yet
  file:
    path: "{{ cert_item.webroot | default(certbot_webroot) }}"
--- a/tasks/install-deploy-hook.yml
+++ b/tasks/install-deploy-hook.yml
@ -0,0 +1,14 @@
 - name: Ensure deploy hook directory exists
  file:
    path: /etc/letsencrypt/renewal-hooks/deploy
    state: directory
    mode: 0755
  when: certbot_deployhook is defined
 - name: Create deploy hook
  copy:
    content: "{{ certbot_deployhook }}"
    dest: /etc/letsencrypt/renewal-hooks/deploy/ansible.sh
    mode: u+rwx
  when: certbot_deployhook is defined
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -29,5 +29,9 @@
  loop_control:
    loop_var: cert_item
 - include_tasks: install-deploy-hook.yml
  when:
    - certbot_create_method == 'webroot'
 - import_tasks: renew-cron.yml
  when: certbot_auto_renew