---
# Install certbot and its RFC 2136 DNS plugin via apt. The result is
# registered so the task can be retried (up to 3 retries) until apt succeeds.
- name: Install certbot and RFC2136 plugin
  apt:
    state: present
    # Refresh the package index before resolving the package names.
    update_cache: true
    name:
      - certbot
      - python3-certbot-dns-rfc2136
  retries: 3
  register: apt_result
  until: apt_result is succeeded
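# Render one RFC 2136 credentials file per entry in `certbot`, owned by root
# and readable by root only.
- name: Add DNS credentials
  template:
    src: letsencrypt/rfc2136.ini.j2
    dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
    owner: root
    # Quoted so the mode is always handled as an octal string and never
    # depends on how the YAML parser types a bare number.
    mode: "0600"
  loop: "{{ certbot }}"
  # NOTE(review): the template is not visible here; presumably it renders DNS
  # update key material taken from the loop item. Per-item output and --diff
  # would then put that secret into the play log, so logging is suppressed.
  # Drop this if the items carry no secret.
  no_log: true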
# Render the dhparam template to /etc/letsencrypt/dhparam with mode 0600.
- name: Add dhparam
  template:
    dest: /etc/letsencrypt/dhparam
    src: letsencrypt/dhparam.j2
    mode: "0600"
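# Make sure the directory holding the per-certificate certbot configuration
# files exists.
- name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
    state: directory
    # A directory needs the search (x) bit to be usable. The previous 0644
    # let non-root users list names but not open anything inside, so in
    # practice only root could use it. 0700 states that explicitly.
    # NOTE(review): widen to 0755 only if a non-root process must read these
    # configuration files.
    mode: "0700"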
# Render one certbot configuration file per entry in `certbot`; the file is
# named after the entry's certname.
- name: Add Certbot configuration
  template:
    dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
    src: letsencrypt/conf.d/certname.ini.j2
    mode: "0644"
  loop: "{{ certbot }}"
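# Run `certbot certonly` non-interactively once per entry in `certbot`,
# pointing it at that entry's configuration file.
# NOTE(review): without a changed_when condition this task reports "changed"
# on every run; consider deriving one from certbot's output.
- name: Run certbot
  command:
    # argv hands each element to certbot as exactly one argument. The
    # free-form string was split on whitespace after templating, so a
    # certname containing spaces would have become extra certbot arguments.
    argv:
      - certbot
      - '--non-interactive'
      - '--config'
      - "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
      - certonly
  loop: "{{ certbot }}"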
# Remove each listed path if it is present (state: absent).
- name: Clean old files
  file:
    state: absent
    path: "{{ item }}"
  loop:
    - /etc/letsencrypt/options-ssl-nginx.conf
    - /etc/letsencrypt/ssl-dhparams.pem
    - /etc/letsencrypt/rfc2136.ini