91 lines
3.2 KiB
YAML
91 lines
3.2 KiB
YAML
- name: Create {{ domain_name }} certificates directory
|
|
file:
|
|
path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
|
|
state: directory
|
|
owner: root
|
|
group: "{{ acme_ssl_group }}"
|
|
mode: "755"
|
|
tags: acme_install
|
|
|
|
- name: Generate Let's Encrypt account key
|
|
openssl_privatekey:
|
|
path: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
|
|
owner: root
|
|
group: root
|
|
mode: "600"
|
|
type: RSA
|
|
size: 4096
|
|
tags: acme_account
|
|
|
|
- name: Generate Let's Encrypt private key for {{ domain_name }}
|
|
openssl_privatekey:
|
|
path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
|
|
owner: root
|
|
group: "{{ acme_ssl_group }}"
|
|
mode: "640"
|
|
type: RSA
|
|
size: 4096
|
|
|
|
- name: Generate Let's Encrypt CSR for {{ domain_name }}
|
|
openssl_csr:
|
|
path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
|
|
owner: root
|
|
group: "{{ acme_ssl_group }}"
|
|
mode: "644"
|
|
privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
|
|
common_name: "{{ domain_name }}"
|
|
|
|
# - name: Check if Let's Encrypt certificate already exists for {{ domain_name }}
|
|
# stat:
|
|
# path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
|
|
# register: _acme_cert_file
|
|
|
|
# - name: Check Let's Encrypt certificate expiration date for {{ domain_name }}
|
|
# openssl_certificate_info:
|
|
# path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
|
|
# valid_at:
|
|
# thirty_days: "+30d"
|
|
# register: _acme_cert_validity
|
|
# when: _acme_cert_file.stat.isreg is defined and _acme_cert_file.stat.isreg
|
|
|
|
- name: Begin Let's Encrypt challenges for {{ domain_name }}
|
|
acme_certificate:
|
|
acme_directory: "{{ acme_directory }}"
|
|
acme_version: "{{ acme_version }}"
|
|
account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
|
|
account_email: "{{ acme_email }}"
|
|
terms_agreed: yes
|
|
challenge: http-01
|
|
csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
|
|
dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
|
|
fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
|
|
remaining_days: 30
|
|
register: _acme_challenge
|
|
# when: _acme_cert_validity is skipped or not _acme_cert_validity.valid_at.thirty_days
|
|
|
|
- debug:
|
|
var: _acme_challenge
|
|
|
|
# - name: Implement and complete Let's Encrypt challenge for {{ domain_name }}
|
|
# when: _acme_challenge is not skipped
|
|
# block:
|
|
# - name: Implement http-01 challenge files for {{ domain_name }}
|
|
# copy:
|
|
# content: "{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource_value }}"
|
|
# dest: "{{ acme_challenge_dir }}/{{ _acme_challenge.challenge_data[domain_name]['http-01'].resource }}"
|
|
# owner: root
|
|
# group: root
|
|
# mode: "644"
|
|
|
|
# - name: Complete Let's Encrypt challenges for {{ domain_name }}
|
|
# acme_certificate:
|
|
# acme_directory: "{{ acme_directory }}"
|
|
# acme_version: "{{ acme_version }}"
|
|
# account_key_src: "{{ acme_accounts_dir }}/{{ acme_account_key }}"
|
|
# account_email: "{{ acme_email }}"
|
|
# challenge: http-01
|
|
# csr: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
|
|
# dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
|
|
# chain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/chain.pem"
|
|
# fullchain_dest: "{{ acme_certs_dir }}/{{ domain_name }}.d/fullchain.pem"
|
|
# data: "{{ _acme_challenge }}" |