Automatically renew certificates if a new domain was added

Yohann D'ANELLO 2020-11-04 23:58:27 +01:00
parent b1f56938e6
commit 24ab53675a


@ -9,11 +9,6 @@
retries: 3 retries: 3
until: pkg_result is succeeded until: pkg_result is succeeded
- name: Check if certificate already exists.
stat:
path: "/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem"
register: letsencrypt_cert
- name: Create /etc/letsencrypt/conf.d - name: Create /etc/letsencrypt/conf.d
file: file:
path: /etc/letsencrypt/conf.d path: /etc/letsencrypt/conf.d
@ -25,18 +20,20 @@
src: "letsencrypt/conf.d/certname.ini.j2" src: "letsencrypt/conf.d/certname.ini.j2"
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
mode: 0644 mode: 0644
register: certbot_config
- name: Stop services to allow certbot to generate a cert. - name: Stop services to allow certbot to generate a cert.
service: service:
name: nginx name: nginx
state: stopped state: stopped
when: certbot_config.changed
- name: Generate new certificate if one doesn't exist. - name: Generate new certificate if the configuration changed
shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
when: letsencrypt_cert.stat.exists == False when: certbot_config.changed
- name: Restart services to allow certbot to generate a cert. - name: Restart services to allow certbot to generate a cert.
service: service:
name: nginx name: nginx
state: started state: started
when: certbot_config.changed
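Review bot: Gating the stop, generate and start tasks on `certbot_config.changed` alone means a failed `certbot certonly` run is never retried and leaves nginx stopped: the play aborts before the start task, and on the next run the .ini is unchanged, so all three tasks are skipped. The same gap applies to a host where the .ini already exists but `/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem` does not, since the stat check in the first hunk appears to have been dropped. I would keep that stat task, widen the condition to `when: certbot_config.changed or not letsencrypt_cert.stat.exists`, and wrap the stop/generate pair in a `block:` with the nginx start under `always:` so the web server comes back even when issuance fails.

```yaml
# … unchanged: "Check if certificate already exists." stat task, kept from the old side …

- name: Issue or re-issue the certificate while nginx is stopped
  when: certbot_config.changed or not letsencrypt_cert.stat.exists
  block:
    # … unchanged: "Stop services" and "Generate new certificate" tasks, without their own when …
  always:
    # … unchanged: "Restart services" task (state: started), without its own when …
```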