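---
# Installs the ACME certificate renewal tooling: packages, config/cert/CSR/key
# directories, the rendered config file, the renewal script plus its symlink,
# an initial challenge run, and a nightly root cron job.
#
# Everything under tag acme_install is filesystem setup; acme_challenge runs
# the renewal script once; acme_cron schedules it.

- name: Install ACME dependencies
  package:
    name: "{{ package }}"
    state: present
  loop: "{{ acme_packages }}"
  loop_control:
    loop_var: package
  tags: acme_install

- name: Install SSL dependencies
  package:
    name: ssl-cert
    state: present
  tags: acme_install

# Config, certificate and CSR directories hold non-secret material and are
# world-readable; the config file itself is restricted separately below.
- name: Create ACME config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  loop:
    - "{{ acme_config_dir }}"
    - "{{ acme_certs_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    loop_var: config_dir
  tags: acme_install

# A directory needs the execute (search) bit to be traversed. The previous
# mode "640" let members of acme_ssl_group list file names but not open the
# keys inside, so the group grant had no effect for non-root users.
# 0750 = root full access, group may traverse and list, others get nothing.
# NOTE(review): confirm acme_ssl_group contains only the service accounts
# that must read private keys.
- name: Create ACME private keys directory
  file:
    path: "{{ acme_keys_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "0750"
  tags: acme_install

# Same search-bit fix as the keys directory ("640" -> "0750"); "others" still
# have no access.
# NOTE(review): if only root needs this directory, "0700" would be tighter.
- name: Create ACME accounts directory
  file:
    path: "{{ acme_accounts_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0750"
  tags: acme_install

# Rendered from the acme_config variable; readable by root only.
- name: Copy ACME config file
  copy:
    content: "{{ acme_config | to_nice_yaml(indent=2) }}"
    dest: "{{ acme_config_file }}"
    owner: root
    group: root
    mode: "0600"
  tags: [acme_install, acme_config]

# The script below is copied into acme_script_dir, so create that directory
# rather than a hard-coded path; otherwise the copy fails whenever the two
# differ.
# NOTE(review): this path was previously the literal /opt/acme; confirm the
# role default for acme_script_dir matches.
# root's cron executes the script stored here, so the directory must stay
# root-owned and not group- or world-writable.
- name: Create directory for certificate renewal tool
  file:
    path: "{{ acme_script_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: acme_install

# Executed as root by the cron job at the end of this file: keep it
# root-owned and writable by root only.
- name: Copy script to renew ACME certificates
  copy:
    src: acme_renew_cert.py
    dest: "{{ acme_script_dir }}/acme_renew_cert.py"
    owner: root
    group: root
    mode: "0755"
  tags: acme_install

- name: "Create '{{ acme_script_bin }}' symlink for ACME renewal script"
  file:
    src: "{{ acme_script_dir }}/acme_renew_cert.py"
    dest: "{{ acme_script_bin }}"
    state: link
    owner: root
    group: root
    mode: "0755"
  tags: acme_install

# NOTE(review): this task calls the bare name acme-renew-cert and passes the
# config with -c, while the cron job below calls {{ acme_script_bin }} and
# passes the config positionally. Confirm both forms are accepted by the
# script and that the symlink resolves on PATH for this task.
# NOTE(review): the command reports "changed" on every run; add changed_when
# once the script's output or exit codes for "nothing renewed" are known.
- name: Perform ACME challenge for each domain
  command: acme-renew-cert -v -c {{ acme_config_file | quote }}
  tags: acme_challenge

# Runs daily at 02:30 as root from a dedicated cron file.
# NOTE(review): domain_name is not set by any task in this file and the job
# is not per-domain; confirm the variable is defined by the caller.
- name: "Setup cron job for ACME certificates renewal of {{ domain_name }}"
  cron:
    user: root
    name: acme-renew-cert
    cron_file: acme-renew-cert
    job: "{{ acme_script_bin }} -q {{ acme_config_file | quote }}"
    minute: "30"
    hour: "2"
    state: present
  tags: acme_cron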