New DNS key

2020-05-01 17:35:27 +02:00 · 2020-05-01 17:35:27 +02:00 · 4e6571a179
parent 80040dd35c
commit 4e6571a179
4 changed files with 7 additions and 2 deletions
--- a/network.yml
+++ b/network.yml
@ -40,6 +40,7 @@
 - hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
  vars:
    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
+    certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
      slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
--- a/roles/bind-authoritative/templates/bind/named.conf.local.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2
@ -10,6 +10,10 @@ key "certbot_challenge." {
 	algorithm hmac-sha512;
 	secret "{{ certbot_dns_secret }}";
 };
+key "certbot_adm_challenge." {
+	algorithm hmac-sha512;
+	secret "{{ certbot_adm_dns_secret }}";
+};
 {% endif %}

 // Let's Encrypt Challenge DNS-01 zone
@ -41,7 +45,7 @@ zone "_acme-challenge.adm.crans.org" {
 	type master;
 	notify yes;
 	update-policy {
-		grant certbot_challenge. name _acme-challenge.adm.crans.org. txt;
+		grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt;
 	};
 {% else %}
 	type slave;
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -24,6 +24,6 @@

 - name: Add Certbot configuration
  template:
-    src: "letsencrypt/conf.d/{{ certbot.certname }}.ini.j2"
+    src: "letsencrypt/conf.d/certname.ini.j2"
    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
    mode: 0644
--- a/roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2
+++ b/roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2