53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
---
|
|
- name: Install certbot and RFC2136 plugin
|
|
apt:
|
|
update_cache: true
|
|
name:
|
|
- certbot
|
|
- python3-certbot-dns-rfc2136
|
|
state: present
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
|
|
- name: Add DNS credentials
|
|
template:
|
|
src: letsencrypt/rfc2136.ini.j2
|
|
dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
|
|
mode: 0600
|
|
owner: root
|
|
loop: "{{ certbot }}"
|
|
|
|
- name: Add dhparam
|
|
template:
|
|
src: "letsencrypt/dhparam.j2"
|
|
dest: "/etc/letsencrypt/dhparam"
|
|
mode: 0600
|
|
|
|
- name: Create /etc/letsencrypt/conf.d
|
|
file:
|
|
path: /etc/letsencrypt/conf.d
|
|
state: directory
|
|
|
|
- name: Add Certbot configuration
|
|
template:
|
|
src: "letsencrypt/conf.d/certname.ini.j2"
|
|
dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
|
|
mode: 0644
|
|
loop: "{{ certbot }}"
|
|
|
|
- name: Run certbot
|
|
command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
|
register: certbot_output
|
|
changed_when: not "Certificate not yet due for renewal" in certbot_output.stdout
|
|
loop: "{{ certbot }}"
|
|
|
|
- name: Clean old files
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- "/etc/letsencrypt/options-ssl-nginx.conf"
|
|
- "/etc/letsencrypt/ssl-dhparams.pem"
|
|
- "/etc/letsencrypt/rfc2136.ini"
|