Automatically renew certificates if a new domain was added

2020-11-04 23:58:27 +01:00 · 2020-11-04 23:58:27 +01:00 · 24ab53675a
commit 24ab53675a
parent b1f56938e6
1 changed files with 5 additions and 8 deletions
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -9,11 +9,6 @@
  retries: 3
  until: pkg_result is succeeded
 - name: Check if certificate already exists.
  stat:
    path: "/etc/letsencrypt/live/{{ certbot.certname }}/cert.pem"
  register: letsencrypt_cert
 - name: Create /etc/letsencrypt/conf.d
  file:
    path: /etc/letsencrypt/conf.d
@ -25,18 +20,20 @@
    src: "letsencrypt/conf.d/certname.ini.j2"
    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
    mode: 0644
  register: certbot_config
 - name: Stop services to allow certbot to generate a cert.
  service:
    name: nginx
    state: stopped
  when: certbot_config.changed
- name: Generate new certificate if one doesn't exist.
+- name: Generate new certificate if the configuration changed
  shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
-  when: letsencrypt_cert.stat.exists == False
+  when: certbot_config.changed
 - name: Restart services to allow certbot to generate a cert.
  service:
    name: nginx
    state: started
-
+  when: certbot_config.changed