Wildcard certificate on MX servers.
For the sake of completeness, I am committing this play.
certbot_on_virtu
parent
a761100b28
commit
4ef9586d2a
|
@ -0,0 +1,34 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
# Temporary
|
||||||
|
# Wildcard certificate for MX servers
|
||||||
|
- hosts: titanic.adm.crans.org
|
||||||
|
vars:
|
||||||
|
certbot:
|
||||||
|
dns_rfc2136_name: certbot_challenge.
|
||||||
|
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
|
mail: root@crans.org
|
||||||
|
certname: crans.org
|
||||||
|
domains: "*.crans.org"
|
||||||
|
bind:
|
||||||
|
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
|
||||||
|
roles:
|
||||||
|
- certbot
|
||||||
|
tasks:
|
||||||
|
- name: Symlink smtp certificate
|
||||||
|
file:
|
||||||
|
src: /etc/letsencrypt/live/crans.org/fullchain.pem
|
||||||
|
dest: /etc/ssl/certs/smtp.pem
|
||||||
|
state: link
|
||||||
|
force: true
|
||||||
|
- name: Symlink smtp private key
|
||||||
|
file:
|
||||||
|
src: /etc/letsencrypt/live/crans.org/privkey.pem
|
||||||
|
dest: /etc/ssl/private/smtp.pem
|
||||||
|
state: link
|
||||||
|
force: true
|
||||||
|
- name: reload postfix
|
||||||
|
systemd:
|
||||||
|
enabled: yes
|
||||||
|
state: restarted
|
||||||
|
name: postfix
|
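Review bot: The two symlink tasks give postfix the private key of a certificate for `*.crans.org`, so a compromise of this mail host exposes a key valid for every first-level name under crans.org, not only the MX names. Given the `# Temporary` comment, consider narrowing `domains` to the hostnames the MX actually presents over SMTP, and note that `force: true` will silently replace any existing key file at `/etc/ssl/private/smtp.pem`. Separately, the last task is named "reload postfix" but runs `state: restarted` on every play run; `state: reloaded` in a handler notified by the symlink tasks would only act when a link changes, and `enabled: true` would match the `force: true` spelling used above. Whether the certbot role reloads postfix after a renewal is not visible in this file and is worth confirming, since otherwise postfix keeps serving the old certificate until the next restart.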