From 24ab53675a2f099685fdeca4b31c507417c560fa Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Wed, 4 Nov 2020 23:58:27 +0100
Subject: [PATCH] Automatically renew certificates if a new domain was added

---
 roles/certbot/tasks/main.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 0f61e91..f29d557 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -9,11 +9,6 @@
 retries: 3
 until: pkg_result is succeeded
 
-- name: Check if certificate already exists.
- stat:
- path: "/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem"
- register: letsencrypt_cert
-
 - name: Create /etc/letsencrypt/conf.d
 file:
 path: /etc/letsencrypt/conf.d
@@ -25,18 +20,20 @@
 src: "letsencrypt/conf.d/certname.ini.j2"
 dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
 mode: 0644
+ register: certbot_config
 
 - name: Stop services to allow certbot to generate a cert.
 service:
 name: nginx
 state: stopped
+ when: certbot_config.changed
 
-- name: Generate new certificate if one doesn't exist.
+- name: Generate new certificate if the configuration changed
 shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
- when: letsencrypt_cert.stat.exists == False
+ when: certbot_config.changed
 
 - name: Restart services to allow certbot to generate a cert.
 service:
 name: nginx
 state: started
-
+ when: certbot_config.changed
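Review bot: Gating the certbot task and both nginx tasks in the second hunk solely on `certbot_config.changed` means a failed issuance is never retried. If `certbot certonly` fails after the template was written, the play stops with nginx already stopped. On the next run the template is unchanged, so the certbot task and the `state: started` task are both skipped, leaving the host with no web server and no certificate until someone intervenes by hand. Keeping the `stat` check that the first hunk removes and using `when: certbot_config is changed or not letsencrypt_cert.stat.exists` restores the retry. Moving the nginx start into the `always:` section of a block brings the service back even when certbot errors out.

```yaml
# … unchanged: template task with register: certbot_config …

- name: Check if certificate already exists.
  stat:
    path: "/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem"
  register: letsencrypt_cert

- name: Issue or re-issue the certificate
  when: certbot_config is changed or not letsencrypt_cert.stat.exists
  block:
    - name: Stop services to allow certbot to generate a cert.
      service:
        name: nginx
        state: stopped

    # … unchanged: certbot certonly shell task, without its own when …
  always:
    - name: Restart services to allow certbot to generate a cert.
      service:
        name: nginx
        state: started
```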