diff --git a/network.yml b/network.yml index ed74f96c..97cc9737 100755 --- a/network.yml +++ b/network.yml @@ -40,6 +40,7 @@ - hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org vars: certbot_dns_secret: "{{ vault_certbot_dns_secret }}" + certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}" bind: masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}" diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2 index e11f50c3..9d76d8e8 100644 --- a/roles/bind-authoritative/templates/bind/named.conf.local.j2 +++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2 @@ -10,6 +10,10 @@ key "certbot_challenge." { algorithm hmac-sha512; secret "{{ certbot_dns_secret }}"; }; +key "certbot_adm_challenge." { + algorithm hmac-sha512; + secret "{{ certbot_adm_dns_secret }}"; +}; {% endif %} // Let's Encrypt Challenge DNS-01 zone @@ -41,7 +45,7 @@ zone "_acme-challenge.adm.crans.org" { type master; notify yes; update-policy { - grant certbot_challenge. name _acme-challenge.adm.crans.org. txt; + grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt; }; {% else %} type slave; diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 3a862fcb..b32845cc 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -24,6 +24,6 @@ - name: Add Certbot configuration template: - src: "letsencrypt/conf.d/{{ certbot.certname }}.ini.j2" + src: "letsencrypt/conf.d/certname.ini.j2" dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" mode: 0644 
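Review bot: The new `key "certbot_adm_challenge."` block has no comment saying which zone it serves or that its secret must be generated independently of `certbot_dns_secret`; I would add `// TSIG key used only for _acme-challenge.adm.crans.org; keep its secret distinct from certbot_challenge.` above it. Splitting the keys only narrows what a leaked credential can update if the two vault values really differ. The rendered file now holds two HMAC secrets, so the task that installs it (not part of this diff) should keep it readable by root and the bind group only. The `{% if %}` that closes right after this block opens above the hunk.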
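Review bot: Once this `grant` line is deployed, an update to `_acme-challenge.adm.crans.org.` signed with `certbot_challenge.` is refused, and nothing in this commit shows the certbot side being given the new key. If clients are switched later than the name servers, DNS-01 renewals for adm names will fail until they catch up, so the client credential change should ship in the same rollout and a renewal dry run should be checked afterwards. It is also worth confirming that no other zone in this template still grants `certbot_challenge.` rights over adm names. The zone block continues past the hunk into the `{% else %}` branch.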
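Review bot: `src` now points every `certbot.certname` at one template, yet the rename in this commit is at 100% similarity, so the body is still what was written for crans.org. If that file hard-codes domain names or the DNS update key instead of reading them from `certbot`, a certificate for the adm zone would be rendered with the wrong values; this needs checking, since the template content is not visible here. Separately, the unchanged `mode: 0644` is safer written as `mode: "0644"` so no YAML loader can reinterpret it.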
diff --git a/roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2 b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2
similarity index 100%
rename from roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2
rename to roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2