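---
# Let's Encrypt (ACME) issuance tasks for a single domain.
# Variables used here come from the role's defaults/vars (not defined in this
# file): domain_name, acme_certs_dir, acme_accounts_dir, acme_account_key,
# acme_keys_dir, acme_csr_dir, acme_ssl_group, acme_directory, acme_version,
# acme_email, acme_challenge_dir.
# Fixes in this revision: document start marker, `terms_agreed: yes` written as
# a real boolean (YAML 1.1 truthy), and octal modes normalised to four-digit
# quoted strings ("0755" == "755" for Ansible, but the leading zero makes the
# octal intent explicit).

- name: Create {{ domain_name }} certificates directory
  file:
    path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0755"
  tags: acme_install

# The account key authenticates this host to the CA: root-only, no group access.
- name: Generate Let's Encrypt account key
  openssl_privatekey:
    path: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    owner: root
    group: root
    mode: "0600"
    type: RSA
    size: 4096
  tags: acme_account

# The domain key is group-readable so members of acme_ssl_group (presumably the
# TLS-terminating service -- confirm against the role's consumers) can load it.
# It is deliberately not world-readable.
- name: Generate Let's Encrypt private key for {{ domain_name }}
  openssl_privatekey:
    path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0640"
    type: RSA
    size: 4096

# The CSR carries only public data, so 0644 is acceptable.
- name: Generate Let's Encrypt CSR for {{ domain_name }}
  openssl_csr:
    path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0644"
    privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
    common_name: "{{ domain_name }}"

# Renewal pre-check (currently disabled): would skip the ACME order while an
# existing certificate is still valid 30 days from now.
# - name: Check if Let's Encrypt certificate already exists for {{ domain_name }}
#   stat:
#     path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#   register: _acme_cert_file
#
# - name: Check Let's Encrypt certificate expiration date for {{ domain_name }}
#   openssl_certificate_info:
#     path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#     valid_at:
#       thirty_days: "+30d"
#   register: _acme_cert_validity
#   when: _acme_cert_file.stat.isreg is defined and _acme_cert_file.stat.isreg

# First acme_certificate call: creates the order and returns the http-01
# challenge data in _acme_challenge. The certificate is only written once the
# challenge is completed by a second call that passes `data` (see the disabled
# block at the end of this file). remaining_days: 30 lets the module skip the
# order while the cert already in dest has more than 30 days left.
- name: Begin Let's Encrypt challenges for {{ domain_name }}
  acme_certificate:
    acme_directory: "{{ acme_directory }}"
    acme_version: "{{ acme_version }}"
    account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
    account_email: "{{ acme_email }}"
    terms_agreed: true
    challenge: http-01
    csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
    dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
    fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
    remaining_days: 30
  register: _acme_challenge
  # when: _acme_cert_validity is skipped or not _acme_cert_validity.valid_at.thirty_days

# Diagnostic: dumps the whole challenge response (order/authorization URIs and
# the http-01 token data) into the play log. Looks like a temporary aid while
# the completion block below is still disabled; remove once it is enabled.
- debug:
    var: _acme_challenge

# Challenge completion (currently disabled): publishes the http-01 token under
# acme_challenge_dir, then calls acme_certificate again with `data` to finish
# the order and write cert/chain/fullchain.
# NOTE(review): the second call does not repeat remaining_days, so the module
# default would presumably apply there -- keep both calls in agreement when
# this block is enabled.
# - name: Implement and complete Let's Encrypt challenge for {{ domain_name }}
#   when: _acme_challenge is not skipped
#   block:
#     - name: Implement http-01 challenge files for {{ domain_name }}
#       copy:
#         content: "{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource_value }}"
#         dest: "{{ acme_challenge_dir }}/{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource }}"
#         owner: root
#         group: root
#         mode: "0644"
#
#     - name: Complete Let's Encrypt challenges for {{ domain_name }}
#       acme_certificate:
#         acme_directory: "{{ acme_directory }}"
#         acme_version: "{{ acme_version }}"
#         account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
#         account_email: "{{ acme_email }}"
#         challenge: http-01
#         csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
#         dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
#         chain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/chain.pem"
#         fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
#         data: "{{ _acme_challenge }}"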