mirror of
https://github.com/geerlingguy/ansible-role-certbot.git
synced 2025-04-19 17:01:37 +02:00
cc9c24c195
This solves a chicken and egg problem where a certificate needed for a service to run does not exist yet and certbot role fails on stopping a service which is not yet installed.
27 lines
838 B
YAML
27 lines
838 B
YAML
---
|
|
- name: Check if certificate already exists.
|
|
stat:
|
|
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
|
|
register: letsencrypt_cert
|
|
|
|
- name: Populate service facts
|
|
service_facts:
|
|
|
|
- name: Stop services to allow certbot to generate a cert.
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
when: not letsencrypt_cert.stat.exists
|
|
with_items: "{{ certbot_create_standalone_stop_services | intersect(services) }}"
|
|
|
|
- name: Generate new certificate if one doesn't exist.
|
|
command: "{{ certbot_create_command }}"
|
|
when: not letsencrypt_cert.stat.exists
|
|
|
|
- name: Start services after cert has been generated.
|
|
service:
|
|
name: "{{ item }}"
|
|
state: started
|
|
when: not letsencrypt_cert.stat.exists
|
|
with_items: "{{ certbot_create_standalone_stop_services | intersect(services) }}"
|
