mirror of
https://github.com/geerlingguy/ansible-role-certbot.git
synced 2025-04-19 17:01:37 +02:00
---
# Check out the Certbot source tree; the tasks and cron jobs in this file run
# certbot-auto from this checkout.
# NOTE(review): certbot_repo and certbot_version decide which code gets
# executed on the host. Pinning certbot_version to a tag or commit, and keeping
# certbot_keep_updated off unless tracking upstream is intended, limits that
# exposure -- confirm against the role defaults.
# NOTE(review): certbot-auto has been deprecated upstream; confirm it is still
# the intended installation method.
- name: Clone Certbot into configured directory.
  git:
    dest: "{{ certbot_dir }}"
    repo: "{{ certbot_repo }}"
    version: "{{ certbot_version }}"
    update: "{{ certbot_keep_updated }}"
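# Make the certbot-auto script from the checkout executable.
# The mode is quoted so the module receives the string "0755" instead of
# depending on how the YAML parser treats a leading-zero integer.
# NOTE(review): owner and group are not set here. The script is later run by
# cron as certbot_auto_renew_user, so certbot_dir should not be writable by a
# less-privileged account -- verify how the directory is created.
- name: Ensure certbot-auto is executable.
  file:
    path: "{{ certbot_dir }}/certbot-auto"
    mode: "0755"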
# Stop nginx before the certbot tasks, which use --standalone (presumably so
# certbot can bind the HTTP port itself).
# NOTE(review): this runs on every play, even when the certificate already
# exists, so each run briefly takes the web server down.
- name: Stop nginx
  service:
    state: stopped
    name: nginx
  when: certbot_webserver == 'nginx'
# Debian-family Apache: stop the apache2 service before the certbot tasks.
# Both conditions must hold (list form of `when` is a logical AND).
- name: Stop apache2
  service:
    state: stopped
    name: apache2
  when:
    - certbot_webserver == 'apache'
    - ansible_os_family == 'Debian'
# RedHat-family Apache: stop the httpd service before the certbot tasks.
# Both conditions must hold (list form of `when` is a logical AND).
- name: Stop httpd
  service:
    state: stopped
    name: httpd
  when:
    - certbot_webserver == 'apache'
    - ansible_os_family == 'RedHat'
# Record whether a private key already exists for the primary domain.
# Later tasks read only r_cert_domain.stat.exists, so this acts as the
# "certificate already issued" marker for the whole play.
- name: Check if letsencrypt certificate file exists
  stat:
    path: "/etc/letsencrypt/live/{{ certbot_domain }}/privkey.pem"
  register: r_cert_domain
# Issue a certificate for the apex domain and its www alias, but only when no
# private key was found for the primary domain.
# The command module does not go through a shell, but the rendered string is
# still split into arguments, so the variables must not contain whitespace.
# NOTE(review): if this task fails, the play stops for the host and the Start
# tasks further down never run, leaving the web server stopped.
# NOTE(review): unlike the renew cron job, no --agree-tos is passed here --
# confirm that first issuance does not stall or fail on the ToS prompt.
- name: Run certbot generation for each host
  command: >-
    {{ certbot_dir }}/certbot-auto certonly --standalone
    --email {{ certbot_email }}
    -d {{ certbot_domain }} -d www.{{ certbot_domain }}
  when: not r_cert_domain.stat.exists
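# Issue one certificate per entry in certbot_subdomains.
# The task was previously gated on the primary domain's key
# (r_cert_domain.stat.exists). A subdomain added after the first run was
# therefore never issued, and existing subdomain certificates were requested
# again whenever the primary key was missing. `creates` checks each
# subdomain's own key, so every loop item is skipped or run on its own state.
# The path mirrors the layout used for the primary-domain check
# (/etc/letsencrypt/live/<name>/privkey.pem).
# The command module does not go through a shell, but the rendered string is
# still split into arguments, so the variables must not contain whitespace.
- name: Run certbot generation for additional subdomains
  command: >-
    {{ certbot_dir }}/certbot-auto certonly --standalone
    --email {{ certbot_email }}
    -d {{ item }}.{{ certbot_domain }}
  args:
    creates: "/etc/letsencrypt/live/{{ item }}.{{ certbot_domain }}/privkey.pem"
  with_items: "{{ certbot_subdomains }}"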
# Bring nginx back up after the certbot tasks.
# NOTE(review): this is only reached when the preceding tasks succeed, so a
# failed issuance leaves nginx stopped.
- name: Start nginx
  service:
    state: started
    name: nginx
  when: certbot_webserver == 'nginx'
# Debian-family Apache: bring apache2 back up after the certbot tasks.
# Both conditions must hold (list form of `when` is a logical AND).
- name: Start apache2
  service:
    state: started
    name: apache2
  when:
    - certbot_webserver == 'apache'
    - ansible_os_family == 'Debian'
# RedHat-family Apache: bring httpd back up after the certbot tasks.
# Both conditions must hold (list form of `when` is a logical AND).
- name: Start httpd
  service:
    state: started
    name: httpd
  when:
    - certbot_webserver == 'apache'
    - ansible_os_family == 'RedHat'
# nginx variant of the renewal cron entry: certbot-auto renew stops nginx in
# its pre-hook and starts it again in its post-hook.
# The three renewal tasks share one cron name and cron_file, but their `when`
# conditions are mutually exclusive, so a host gets a single entry.
# NOTE(review): the job runs the script from certbot_dir as
# certbot_auto_renew_user; that directory should be writable only by that
# user or root -- verify.
- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    cron_file: certbot-cron
    user: "{{ certbot_auto_renew_user }}"
    hour: "{{ certbot_auto_renew_hour }}"
    minute: "{{ certbot_auto_renew_minute }}"
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service nginx stop'
      --post-hook 'service nginx start'
  when: certbot_auto_renew and certbot_webserver == 'nginx'
# Debian-family Apache variant of the renewal cron entry: certbot-auto renew
# stops apache2 in its pre-hook and starts it again in its post-hook.
# The three renewal tasks share one cron name and cron_file, but their `when`
# conditions are mutually exclusive, so a host gets a single entry.
# NOTE(review): the job runs the script from certbot_dir as
# certbot_auto_renew_user; that directory should be writable only by that
# user or root -- verify.
- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    cron_file: certbot-cron
    user: "{{ certbot_auto_renew_user }}"
    hour: "{{ certbot_auto_renew_hour }}"
    minute: "{{ certbot_auto_renew_minute }}"
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service apache2 stop'
      --post-hook 'service apache2 start'
  when: certbot_auto_renew and certbot_webserver == 'apache' and ansible_os_family == 'Debian'
# RedHat-family Apache variant of the renewal cron entry: certbot-auto renew
# stops httpd in its pre-hook and starts it again in its post-hook.
# The three renewal tasks share one cron name and cron_file, but their `when`
# conditions are mutually exclusive, so a host gets a single entry.
# NOTE(review): the job runs the script from certbot_dir as
# certbot_auto_renew_user; that directory should be writable only by that
# user or root -- verify.
- name: Add cron job for 'certbot-auto renew' (if configured).
  cron:
    name: Certbot automatic renewal.
    cron_file: certbot-cron
    user: "{{ certbot_auto_renew_user }}"
    hour: "{{ certbot_auto_renew_hour }}"
    minute: "{{ certbot_auto_renew_minute }}"
    job: >-
      {{ certbot_dir }}/certbot-auto renew --quiet --agree-tos
      --pre-hook 'service httpd stop'
      --post-hook 'service httpd start'
  when: certbot_auto_renew and certbot_webserver == 'apache' and ansible_os_family == 'RedHat'