ansible-role-acme/tasks/main.yml

81 lines
2.0 KiB
YAML

- name: Install ACME dependencies
package:
name: python3-acme
state: present
tags: acme_install
- name: Install SSL dependencies
package:
name: ssl-cert
state: present
- name: Create Let's Encrypt config directories
file:
path: "{{ config_dir }}"
state: directory
owner: root
group: "{{ acme_ssl_group }}"
mode: "711"
loop:
- "{{ acme_config_dir }}"
- "{{ acme_keys_dir }}"
- "{{ acme_accounts_dir }}"
- "{{ acme_csr_dir }}"
loop_control:
loop_var: config_dir
tags: acme_install
- name: Create challenge directory
file:
path: "{{ acme_challenge_dir }}/.well-known/acme-challenge"
state: directory
owner: root
group: root
mode: "755"
tags: acme_install
- name: Perform ACME challenge for each domain
include_tasks:
file: acme_challenge.yml
apply:
tags: acme_challenge
loop: "{{ acme_domains | unique }}"
loop_control:
loop_var: domain_name
tags: acme_challenge
- name: Create directory for certificate renewal tool
file:
path: /opt/acme
owner: root
group: root
mode: "755"
state: directory
tags: acme_renew
- name: Copy script to renew ACME certificates
copy:
src: acme_renew_cert.py
dest: /opt/acme/acme_renew_cert.py
owner: root
group: root
mode: "755"
tags: acme_renew
- name: Setup cron job for ACME certificates renewal of {{ domain_name }}
cron:
name: acme renew {{ domain_name }} cert
job: >-
bash -c 'sleep $((RANDOM \% 3600))' && /opt/acme/acme_renew_cert.py {{ domain_name }} -q
-a {{ (acme_accounts_dir + '/' + acme_account_key) | quote }}
-p {{ acme_keys_dir | quote }}/{domain}.pem
-r {{ acme_csr_dir | quote }}/{domain}.csr
-o {{ acme_certs_dir | quote }}/{domain}.d
-c {{ acme_challenge_dir | quote }}/.well-known/acme-challenge
minute: "30"
hour: "2"
state: present
loop: "{{ acme_domains | unique }}"
loop_control:
loop_var: domain_name
tags: acme_renew