---
# Very similar to the certbot role, but without nginx
# Install the Let's Encrypt client used to generate and manage certificates.
- name: Install Letsencrypt
  apt:
    # Refresh the package index before installing.
    update_cache: true
    name:
      # certbot is the Let's Encrypt client
      - certbot
      # CA bundle, listed explicitly just in case
      - ca-certificates
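# Create the configuration directory for letsencrypt.
- name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
    state: directory
    # Quoted so the module receives the string "0755" instead of depending on
    # how the YAML loader types a leading-zero integer.
    mode: "0755"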
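# Configure certbot: render one ini file per certificate name.
- name: Add certbot configuration
  template:
    src: "conf.ini.j2"
    # NOTE(review): certbot.certname becomes part of the destination path;
    # presumably it comes from trusted inventory - confirm it cannot contain "/".
    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
    # Quoted so the mode is passed as a string rather than a YAML integer.
    # NOTE(review): world-readable; tighten this if conf.ini.j2 ever carries
    # credentials - the template is not visible here.
    mode: "0644"
  # Trigger the "Generate certificates" handler when the rendered file changes.
  notify: Generate certificates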
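# certbot runs the executables found in renewal-hooks/deploy after a successful
# renewal, so the directory must not be writable by anyone but root. Ownership
# and mode are set explicitly instead of being left to the umask.
- name: Make sure let's encrypt renewal-hooks exists
  file:
    path: /etc/letsencrypt/renewal-hooks/deploy
    state: directory
    owner: root
    group: root
    mode: "0755"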
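# Install the deploy hook that reloads the mail services after a renewal.
- name: Reload Postfix and Dovecot after certificate renewal
  template:
    src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2
    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh
    # The hook is executed by certbot (typically as root), so pin ownership to
    # root and keep the script non-writable for group and others.
    owner: root
    group: root
    # Quoted so the mode is passed as a string rather than a YAML integer.
    mode: "0755"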
# TODO: add motd