2020-05-09 12:54:38 +02:00
|
|
|
---
|
2020-11-04 23:07:51 +01:00
|
|
|
- name: Install certbot and nginx plugin
|
2020-05-09 12:54:38 +02:00
|
|
|
apt:
|
|
|
|
update_cache: true
|
|
|
|
name:
|
|
|
|
- certbot
|
2020-11-04 23:07:51 +01:00
|
|
|
- python3-certbot-nginx
|
|
|
|
register: pkg_result
|
2020-05-09 12:54:38 +02:00
|
|
|
retries: 3
|
2020-11-04 23:07:51 +01:00
|
|
|
until: pkg_result is succeeded
|
2020-05-09 12:54:38 +02:00
|
|
|
|
2020-11-04 23:07:51 +01:00
|
|
|
- name: Check if certificate already exists.
|
|
|
|
stat:
|
|
|
|
path: "/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem"
|
|
|
|
register: letsencrypt_cert
|
2020-05-09 12:54:38 +02:00
|
|
|
|
|
|
|
- name: Create /etc/letsencrypt/conf.d
|
|
|
|
file:
|
|
|
|
path: /etc/letsencrypt/conf.d
|
|
|
|
state: directory
|
2020-11-04 19:31:50 +01:00
|
|
|
mode: 0755
|
2020-05-09 12:54:38 +02:00
|
|
|
|
|
|
|
- name: Add Certbot configuration
|
|
|
|
template:
|
|
|
|
src: "letsencrypt/conf.d/certname.ini.j2"
|
|
|
|
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
|
|
|
mode: 0644
|
2020-11-04 23:07:51 +01:00
|
|
|
|
|
|
|
- name: Stop services to allow certbot to generate a cert.
|
|
|
|
service:
|
|
|
|
name: nginx
|
|
|
|
state: stopped
|
|
|
|
|
|
|
|
- name: Generate new certificate if one doesn't exist.
|
|
|
|
shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
|
|
|
when: letsencrypt_cert.stat.exists == False
|
|
|
|
|
|
|
|
- name: Restart services to allow certbot to generate a cert.
|
|
|
|
service:
|
|
|
|
name: nginx
|
|
|
|
state: started
|
|
|
|
|