fix self-signed certificates

master
HgO 2020-12-27 18:18:17 +01:00
parent 7f7079db9e
commit 3365215ceb
3 changed files with 57 additions and 42 deletions

View File

@ -14,10 +14,7 @@
- acme
- name: Install Self-Signed certificates
include_tasks: self_signed.yml
loop: "{{ acme_domains | list }}"
loop_control:
loop_var: domain_name
import_tasks: self_signed.yml
when: not acme_enabled
tags:
- certificate

View File

@ -14,51 +14,28 @@
path: "{{ config_dir }}"
state: directory
owner: root
group: "{{ acme_ssl_group }}"
mode: "711"
group: root
mode: "755"
loop:
- "{{ acme_config_dir }}"
- "{{ acme_keys_dir }}"
- "{{ acme_accounts_dir }}"
- "{{ acme_csr_dir }}"
- "{{ acme_config_dir }}"
- "{{ acme_certs_dir }}"
- "{{ acme_csr_dir }}"
loop_control:
loop_var: config_dir
tags: selfsigned_install
- name: Create {{ domain_name }} certificates directory
- name: Create ACME private keys directory
file:
path: "{{ acme_certs_dir }}/{{ domain_name }}.d"
path: "{{ acme_keys_dir }}"
state: directory
owner: root
group: "{{ acme_ssl_group }}"
mode: "755"
tags: selfsigned_install
mode: "750"
tags: acme_install
- name: Generate private key for {{ domain_name }} certificate
openssl_privatekey:
path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
owner: root
group: "{{ acme_ssl_group }}"
mode: "640"
type: RSA
size: 4096
- name: Generate CSR for {{ domain_name }} certificate
openssl_csr:
path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
owner: root
group: "{{ acme_ssl_group }}"
mode: "644"
privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
common_name: "{{ domain_name }}"
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
csr_path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
provider: selfsigned
state: present
owner: root
group: "{{ acme_ssl_group }}"
mode: "644"
- name: Install Self-Signed certificate for each domain
include_tasks: self_signed_domain.yml
loop: "{{ acme_config.domains }}"
loop_control:
loop_var: domain
label: "{{ domain.name }}"

View File

@ -0,0 +1,41 @@
- name: Create {{ domain.name }} certificates directory
file:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
state: directory
owner: root
group: root
mode: "755"
tags: selfsigned_install
- name: Generate private key for {{ domain.name }} certificate
openssl_privatekey:
path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
owner: root
group: "{{ acme_ssl_group }}"
mode: "640"
type: RSA
size: 4096
tags: selfsigned_config
- name: Generate CSR for {{ domain.name }} certificate
openssl_csr:
path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
owner: root
group: root
mode: "644"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
common_name: "{{ domain.name }}"
subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
tags: selfsigned_config
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d/cert.pem"
csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
provider: selfsigned
state: present
owner: root
group: root
mode: "644"