gregandev/ansible-role-certbot
gregandev/ansible-role-certbot
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-certbot.git synced 2025-06-15 15:11:26 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: gregandev:a056da763eee49732cf815f927ce56dd5eb480c9
Branches Tags
gregandev:master
gregandev:134-snap-install-method
gregandev:12-standalone-cert-generation
gregandev:5.4.0
gregandev:5.3.1
gregandev:5.3.0
gregandev:5.2.1
gregandev:5.2.0
gregandev:5.1.1
gregandev:5.1.0
gregandev:5.0.2
gregandev:5.0.1
gregandev:5.0.0
gregandev:4.2.0
gregandev:4.1.0
gregandev:4.0.0
gregandev:3.1.0
gregandev:3.0.3
gregandev:3.0.2
gregandev:3.0.1
gregandev:3.0.0
gregandev:2.0.1
gregandev:2.0.0
gregandev:1.0.1
gregandev:1.0.0
gregandev:0.2.1
gregandev:0.2.0
gregandev:0.1.0
...
compare: gregandev:cfd9655ed0ddd59b9f7241c15f3d9954d214a3cf
Branches Tags
gregandev:master
gregandev:134-snap-install-method
gregandev:12-standalone-cert-generation
gregandev:5.4.0
gregandev:5.3.1
gregandev:5.3.0
gregandev:5.2.1
gregandev:5.2.0
gregandev:5.1.1
gregandev:5.1.0
gregandev:5.0.2
gregandev:5.0.1
gregandev:5.0.0
gregandev:4.2.0
gregandev:4.1.0
gregandev:4.0.0
gregandev:3.1.0
gregandev:3.0.3
gregandev:3.0.2
gregandev:3.0.1
gregandev:3.0.0
gregandev:2.0.1
gregandev:2.0.0
gregandev:1.0.1
gregandev:1.0.0
gregandev:0.2.1
gregandev:0.2.0
gregandev:0.1.0

7 Commits
a056da763e ... cfd9655ed0

Author SHA1 Message Date
Jeff Geerling
cfd9655ed0
Merge pull request #192 from fapdash/patch-1 
Run hooks only for standalone mode
 2023-06-17 22:22:43 -05:00
Jeff Geerling
47203f3b92
Merge pull request #197 from markstos/no-self-upgrade 
remove deprecated --no-self-upgrade flag
 2023-06-17 22:21:03 -05:00
Jeff Geerling
a3b34ef499
Merge pull request #196 from Kaezon/fix-lint 
fixed lint
 2023-06-17 22:20:04 -05:00
Mark Stosberg
199f940604 remove deprecated --no-self-upgrade flag 
Including it will generate warnings
 2023-05-19 17:39:05 -04:00
Brett Costabile
1b04270982 fixed lint 2023-05-09 10:14:27 -04:00
FAP
2deba31679
Check for both conditions (squash me) 2023-02-20 12:26:44 +01:00
FAP
d30ddd946a
Run hooks only for standalone mode 
If the `certbot_create_method` is set to `webroot` the `stop_services` and `start_services` hook shouldn't be run.
 2023-02-01 15:13:09 +01:00
4 changed files with 20 additions and 17 deletions
Show Stats Expand all files Collapse all files

3
.yamllint
View File

@ -5,6 +5,9 @@ rules:
line-length: line-length:
max: 180 max: 180
level: warning level: warning
indentation:
spaces: 2
indent-sequences: consistent
ignore: | ignore: |
.github/stale.yml .github/stale.yml

2
README.md
View File

@ -20,7 +20,7 @@ Controls how Certbot is installed. Available options are 'package', 'snap', and
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: "3" certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30" certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade" certbot_auto_renew_options: "--quiet"
By default, this role configures a cron job to run under the provided user account at the given hour and minute, every day. The defaults run `certbot renew` (or `certbot-auto renew`) via cron every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account. By default, this role configures a cron job to run under the provided user account at the given hour and minute, every day. The defaults run `certbot renew` (or `certbot-auto renew`) via cron every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account.

6
defaults/main.yml
View File

@ -4,7 +4,7 @@ certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: "3" certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30" certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade" certbot_auto_renew_options: "--quiet"
certbot_testmode: false certbot_testmode: false
certbot_hsts: false certbot_hsts: false
@ -37,10 +37,10 @@ certbot_create_command: >-
{{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }} {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }}
-d {{ cert_item.domains | join(',') }} -d {{ cert_item.domains | join(',') }}
{{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services'
if certbot_create_standalone_stop_services if certbot_create_standalone_stop_services and certbot_create_method == 'standalone'
else '' }} else '' }}
{{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services' {{ '--post-hook /etc/letsencrypt/renewal-hooks/post/start_services'
if certbot_create_standalone_stop_services if certbot_create_standalone_stop_services and certbot_create_method == 'standalone'
else '' }} else '' }}
certbot_create_standalone_stop_services: certbot_create_standalone_stop_services:

26
tasks/setup-RedHat.yml
View File

@ -9,22 +9,22 @@
- block: - block:
- name: Enable DNF module for CentOS 8.3+. - name: Enable DNF module for CentOS 8.3+.
shell: | shell: |
dnf config-manager --set-enabled powertools dnf config-manager --set-enabled powertools
register: dnf_module_enable register: dnf_module_enable
changed_when: false changed_when: false
when: ansible_facts['distribution_version'] is version('8.3', '>=') when: ansible_facts['distribution_version'] is version('8.3', '>=')
- name: Enable DNF module for CentOS 8.08.2. - name: Enable DNF module for CentOS 8.08.2.
shell: | shell: |
dnf config-manager --set-enabled PowerTools dnf config-manager --set-enabled PowerTools
register: dnf_module_enable register: dnf_module_enable
changed_when: false changed_when: false
when: ansible_facts['distribution_version'] is version('8.2', '<=') when: ansible_facts['distribution_version'] is version('8.2', '<=')
when: when:
- ansible_distribution == 'CentOS' - ansible_distribution == 'CentOS'
- ansible_distribution_major_version | int >= 8 - ansible_distribution_major_version | int >= 8