From 4a57dad8a6091e6b65889d4d362d2461174fe681 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Tue, 19 Jan 2021 23:19:25 +0100
Subject: [PATCH 1/2] use handlers
---
 roles/certbot/handlers/main.yml | 8 ++++++++
 roles/certbot/tasks/main.yml | 20 +++-----------------
 2 files changed, 11 insertions(+), 17 deletions(-)
 create mode 100644 roles/certbot/handlers/main.yml
diff --git a/roles/certbot/handlers/main.yml b/roles/certbot/handlers/main.yml
new file mode 100644
index 0000000..b8517e5
--- /dev/null
+++ b/roles/certbot/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Reload nginx
+ service:
+ name: nginx
+ state: reloaded
+
+- name: Generate certificates
+ shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index f29d557..cbce286 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -20,20 +20,6 @@
 src: "letsencrypt/conf.d/certname.ini.j2"
 dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
 mode: 0644
- register: certbot_config
-
-- name: Stop services to allow certbot to generate a cert.
- service:
- name: nginx
- state: stopped
- when: certbot_config.changed
-
-- name: Generate new certificate if the configuration changed
- shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
- when: certbot_config.changed
-
-- name: Restart services to allow certbot to generate a cert.
- service:
- name: nginx
- state: started
- when: certbot_config.changed
+ notify:
+ - Generate certificates
+ - Reload nginx
From f0e3bd78c9cbd877c463de6230e65b3f0edcafca Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Tue, 19 Jan 2021 23:27:17 +0100
Subject: [PATCH 2/2] use command instead of shell when you don't need sh features (pipes, env, etc...)
---
 roles/certbot/handlers/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
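Review bot: Handlers run in the order they are defined in this new file, not in the order given in `notify`, so `Reload nginx` runs before `Generate certificates`. nginx is then reloaded before certbot has written the new certificate and keeps serving the previous one until some later reload. Define `- name: Generate certificates` above `- name: Reload nginx`, or remove `Reload nginx` from the task's `notify` and add `notify: Reload nginx` to the certbot handler, so the reload only follows a successful issuance. The same definition order is still present in the handlers hunk of PATCH 2/2.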
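Review bot: nginx is no longer stopped while certbot runs: the removed tasks stopped it before `certbot certonly` and started it afterwards, whereas the new `notify` list only reloads it. If `certname.ini.j2` (not shown in this patch) selects the standalone authenticator, certbot cannot bind its port while nginx is still listening and issuance will fail; confirm the template uses webroot or the nginx plugin. As with the old `when: certbot_config.changed`, a failed issuance is not retried on the next run because the template is then unchanged, so a comment above `notify:` such as `# only fires when the .ini changes; after a failed issuance re-run certbot by hand` would help operators.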
diff --git a/roles/certbot/handlers/main.yml b/roles/certbot/handlers/main.yml
index b8517e5..82d2202 100644
--- a/roles/certbot/handlers/main.yml
+++ b/roles/certbot/handlers/main.yml
@@ -5,4 +5,4 @@
 state: reloaded

 - name: Generate certificates
- shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+ command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
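Review bot: The command line is still one templated string, so `command` splits it on whitespace only after `{{ certbot.certname }}` has been rendered. A certname containing whitespace would therefore be split into extra arguments to certbot rather than staying part of the `--config` path. Passing the arguments as an `argv` list keeps the rendered path as a single argument whatever the variable holds. The rest of the handler file is unchanged by this suggestion.

```yaml
- name: Generate certificates
  command:
    argv:
      - certbot
      - certonly
      - --non-interactive
      - --config
      - "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
```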