New DNS key

network.yml

@@ -40,6 +40,7 @@
 - hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
   vars:
     certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
+    certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
     bind:
       masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
       slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"

roles/bind-authoritative/templates/bind/named.conf.local.j2

@@ -10,6 +10,10 @@ key "certbot_challenge." {
 	algorithm hmac-sha512;
 	secret "{{ certbot_dns_secret }}";
 };
+key "certbot_adm_challenge." {
+	algorithm hmac-sha512;
+	secret "{{ certbot_adm_dns_secret }}";
+};
 {% endif %}
 
 // Let's Encrypt Challenge DNS-01 zone
@@ -41,7 +45,7 @@ zone "_acme-challenge.adm.crans.org" {
 	type master;
 	notify yes;
 	update-policy {
-		grant certbot_challenge. name _acme-challenge.adm.crans.org. txt;
+		grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt;
 	};
 {% else %}
 	type slave;

roles/certbot/tasks/main.yml

@@ -24,6 +24,6 @@
 
 - name: Add Certbot configuration
   template:
-    src: "letsencrypt/conf.d/{{ certbot.certname }}.ini.j2"
+    src: "letsencrypt/conf.d/certname.ini.j2"
     dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
     mode: 0644