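# Request or renew the Let's Encrypt certificate for site_name plus its
# server_aliases. The task is delegated to certgetter01 and, because of
# run_once, executes a single time per play batch; certbot_output is the
# value the following tasks test to decide whether a certificate was issued.
- name: Generate (or renew) the certificate
  delegate_to: certgetter01.phx2.fedoraproject.org
  # site_name and server_aliases are interpolated directly into the argument
  # list. The command module does not go through a shell, but whitespace in a
  # value would still be split into extra certbot arguments, so both
  # variables must come from trusted inventory.
  command: certbot certonly --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
  run_once: true
  register: certbot_output
  # Was `check_node`, which is not a task keyword. With check_mode: false the
  # task executes even under --check, so certbot really runs in check mode
  # (presumably intended so that certbot_output is always registered; confirm).
  check_mode: false
  # Report "changed" unless certbot's stderr says nothing was due for renewal.
  changed_when: "not ('not yet due for renewal' in certbot_output.stderr)"
  tags:
    - letsencrypt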
# And once we do that, we need to copy some things.
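# Read the freshly issued leaf certificate from certbot's live directory on
# certgetter01 into certbot_certificate, for the install task that consumes
# certbot_certificate.stdout. Skipped when certbot reported that no renewal
# was due.
- name: Obtain the certificate
  delegate_to: certgetter01.phx2.fedoraproject.org
  command: cat /etc/letsencrypt/live/{{site_name}}/cert.pem
  register: certbot_certificate
  # cat only reads the file; without this the command module always reports
  # "changed".
  changed_when: false
  when: "not ('not yet due for renewal' in certbot_output.stderr)"
  tags:
    - letsencrypt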
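# Read the intermediate chain (chain.pem) from certbot's live directory on
# certgetter01 into certbot_chain. Skipped when certbot reported that no
# renewal was due.
- name: Obtain the intermediate certificate
  delegate_to: certgetter01.phx2.fedoraproject.org
  command: cat /etc/letsencrypt/live/{{site_name}}/chain.pem
  register: certbot_chain
  # cat only reads the file; without this the command module always reports
  # "changed".
  changed_when: false
  when: "not ('not yet due for renewal' in certbot_output.stderr)"
  tags:
    - letsencrypt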
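# Read the private key (privkey.pem) from certbot's live directory on
# certgetter01 into certbot_key. Skipped when certbot reported that no
# renewal was due.
- name: Obtain the key
  delegate_to: certgetter01.phx2.fedoraproject.org
  command: cat /etc/letsencrypt/live/{{site_name}}/privkey.pem
  register: certbot_key
  # stdout of this task IS the private key. no_log keeps the registered
  # result out of console output, callback plugins and log files; the
  # trade-off is that a failure here is reported without details.
  no_log: true
  # cat only reads the file; without this the command module always reports
  # "changed".
  changed_when: false
  when: "not ('not yet due for renewal' in certbot_output.stderr)"
  tags:
    - letsencrypt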
# Write the leaf certificate captured in certbot_certificate to the target
# host as a root-owned, world-readable file, and schedule a proxy reload.
# Only runs when certbot actually issued or renewed something.
- name: Install the certificate
  copy:
    dest: "/etc/pki/tls/certs/{{ site_name }}.cert"
    content: "{{ certbot_certificate.stdout }}"
    owner: root
    group: root
    # Quoted so the mode stays the string "0644" rather than a YAML integer.
    mode: "0644"
  when: "'not yet due for renewal' not in certbot_output.stderr"
  notify:
    - reload proxyhttpd
  tags:
    - letsencrypt
# Write the intermediate chain captured in certbot_chain to the target host
# as a root-owned, world-readable file, and schedule a proxy reload.
# Only runs when certbot actually issued or renewed something.
- name: Install the intermediate/chain certificate
  copy:
    dest: "/etc/pki/tls/certs/{{ site_name }}.intermediate.cert"
    content: "{{ certbot_chain.stdout }}"
    owner: root
    group: root
    # Quoted so the mode stays the string "0644" rather than a YAML integer.
    mode: "0644"
  when: "'not yet due for renewal' not in certbot_output.stderr"
  notify:
    - reload proxyhttpd
  tags:
    - letsencrypt
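# Write the private key captured in certbot_key to the target host, readable
# by root only, and schedule a proxy reload. Only runs when certbot actually
# issued or renewed something.
- name: Install the key
  copy:
    dest: "/etc/pki/tls/private/{{ site_name }}.key"
    content: "{{ certbot_key.stdout }}"
    owner: root
    group: root
    # Quoted so the mode stays the string "0600" rather than a YAML integer.
    mode: "0600"
  # content is the private key itself: keep the rendered task arguments,
  # results and any --diff output out of the console, callbacks and logs.
  no_log: true
  when: "not ('not yet due for renewal' in certbot_output.stderr)"
  notify:
    - reload proxyhttpd
  tags:
    - letsencrypt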