---
# Issue the per-host certificate once. The task is delegated to localhost,
# so the script runs there and the `creates` path is checked there as well,
# not on the managed host.
- name: ensure hostname letsencrypt cert exists
  delegate_to: localhost
  tags:
    - letsencrypt-certs
    - letsencrypt-hostname-cert
  command:
    # `command` does not hand the line to a shell; the hostname is passed to
    # the script as a separate whitespace-delimited argument.
    cmd: "/usr/local/bin/letsencrypt-new.py {{ inventory_hostname }}"
    # Idempotence guard: skip the run when a chain for this host exists.
    creates: "/usr/local/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
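# Push this host's certificate directory from the controller-side
# Let's Encrypt tree into /usr/local/etc/certs/ on the managed host.
- name: install hostname cert
  copy:
    # src has no trailing slash, so the directory named after the host is
    # copied as a whole and every file inside it receives `mode` below.
    src: "/usr/local/etc/letsencrypt/live/{{ item }}"
    dest: "/usr/local/etc/certs/"
    owner: root
    group: root
    # Was 0755: world-readable and executable. PEM files need no execute
    # bit, and in the usual Let's Encrypt layout live/<name>/ also holds the
    # private key. NOTE(review): confirm what letsencrypt-new.py writes
    # there; if a non-root service must read these files, grant access via
    # `group` rather than the "other" bits.
    # Quoted so the YAML loader cannot re-type the octal value.
    mode: "0600"
  tags:
    - letsencrypt
    - letsencrypt-certs
  # Handler left disabled by the author; with it off, this task does not
  # trigger any service reload after a certificate changes.
  #notify: reload nginx
  vars:
    # NOTE(review): prediff_cmd is not read anywhere in this file;
    # presumably consumed by tooling outside it.
    prediff_cmd: echo
  with_items:
    - "{{ inventory_hostname }}"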
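# Push each wildcard certificate directory listed in letsencrypt_domains to
# hosts that are flagged to carry wildcards.
- name: install current letsencrypt wildcards where they should be installed
  copy:
    # src has no trailing slash, so each domain directory is copied as a
    # whole and every file inside it receives `mode` below.
    src: "/usr/local/etc/letsencrypt/live/{{ item }}"
    dest: "/usr/local/etc/certs/"
    owner: root
    group: root
    # Was 0755: world-readable and executable. PEM files need no execute
    # bit, and in the usual Let's Encrypt layout live/<name>/ also holds the
    # private key. A wildcard key covers every name under the domain, so it
    # should be readable by root only. NOTE(review): confirm the directory
    # contents; if a non-root service must read these files, grant access
    # via `group` rather than the "other" bits.
    # Quoted so the YAML loader cannot re-type the octal value.
    mode: "0600"
  tags:
    - letsencrypt
    - letsencrypt-wildcard
  # Handler left disabled by the author; with it off, this task does not
  # trigger any service reload after a certificate changes.
  #notify: reload nginx
  vars:
    # NOTE(review): prediff_cmd is not read anywhere in this file;
    # presumably consumed by tooling outside it.
    prediff_cmd: echo
  with_items: "{{ letsencrypt_domains }}"
  # `| bool` normalises the flag, so a string value such as "false" (for
  # example from an INI inventory or an extra var) is not taken as enabled
  # merely because it is a non-empty string.
  when: letsencrypt_wildcards | bool
  loop_control:
    label: "{{ item }}"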
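# Remove previously installed wildcard certificate directories from hosts
# that are not flagged to carry wildcards.
- name: ensure wildcards dont exist on hosts that shouldnt have them
  file:
    # `state: absent` deletes a directory recursively.
    # NOTE(review): an empty entry in letsencrypt_domains would make this
    # path resolve to /usr/local/etc/certs/ itself; keep that list free of
    # blank items.
    path: "/usr/local/etc/certs/{{ item }}"
    state: absent
  # Handler left disabled by the author; with it off, this task does not
  # trigger any service reload after a removal.
  #notify: reload nginx
  with_items: "{{ letsencrypt_domains }}"
  # Was `letsencrypt_wildcards == false`, which matches only a real boolean:
  # a string such as "false" or "no" compares unequal, the cleanup is
  # skipped, and the wildcard material stays on the host. `| bool`
  # normalises the flag before negating it.
  when: not (letsencrypt_wildcards | bool)
  vars:
    # NOTE(review): prediff_cmd is not read anywhere in this file;
    # presumably consumed by tooling outside it.
    prediff_cmd: echo
  loop_control:
    label: "{{ item }}"
  tags:
    - letsencrypt
    - letsencrypt-wildcard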