42 lines
1.2 KiB
YAML
42 lines
1.2 KiB
YAML
|
|
- name: Create {{ domain.name }} certificates directory
|
|
file:
|
|
path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "755"
|
|
tags: selfsigned_install
|
|
|
|
- name: Generate private key for {{ domain.name }} certificate
|
|
openssl_privatekey:
|
|
path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
|
|
owner: root
|
|
group: "{{ acme_ssl_group }}"
|
|
mode: "640"
|
|
type: RSA
|
|
size: 4096
|
|
tags: selfsigned_config
|
|
|
|
- name: Generate CSR for {{ domain.name }} certificate
|
|
openssl_csr:
|
|
path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
|
|
owner: root
|
|
group: root
|
|
mode: "644"
|
|
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
|
|
common_name: "{{ domain.name }}"
|
|
subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
|
|
tags: selfsigned_config
|
|
|
|
- name: Generate self-signed certificate
|
|
openssl_certificate:
|
|
path: "{{ acme_certs_dir }}/{{ domain.name }}.d/fullchain.pem"
|
|
csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
|
|
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
|
|
provider: selfsigned
|
|
state: present
|
|
owner: root
|
|
group: root
|
|
mode: "644"
|
|
tags: selfsigned_config |