gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-04-19 17:01:37 +02:00
Code Issues Projects Releases Wiki Activity

Fix stop_services; fix ssl_protocols

Browse Source 
certbot_create_standalone_stop_services is ok for this test case, but for use as a complete example should stop nginx service.
Also TLSv1.1 is not safety, better to use TLSv1.2 and TLSv1.3.
This commit is contained in:
Alexander Chumakov 2022-06-10 10:12:15 +03:00 committed by GitHub
parent c6297ddebb
commit d0d785ac28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
molecule/default/playbook-standalone-nginx-aws.yml
View File

@ -89,7 +89,8 @@
vars: vars:
certbot_admin_email: https@servercheck.in certbot_admin_email: https@servercheck.in
certbot_create_if_missing: true certbot_create_if_missing: true
certbot_create_standalone_stop_services: [] certbot_create_standalone_stop_services:
- nginx
certbot_certs: certbot_certs:
- domains: - domains:
- certbot-test.servercheck.in - certbot-test.servercheck.in
@ -104,7 +105,7 @@
extra_parameters: | extra_parameters: |
ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem; ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
pre_tasks: pre_tasks: