diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail-certificates/tasks/main.yml
new file mode 100644
index 0000000..64e6c63
--- /dev/null
+++ b/roles/mail-certificates/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+# Very similar to the certbot role, but without nginx
+# Install Letscrypt tools to generate and manage certificates
+- name: Install Letsencrypt
+ apt:
+ name:
+ - certbot # letsencrypt
+ - ca-certificates # just in case
+ update_cache: true
+
+# Create the configuration directory for letsencrypt
+- name: Create /etc/letsencrypt/conf.d
+ file:
+ path: /etc/letsencrypt/conf.d
+ state: directory
+ mode: 0755
+
+# Configure certbot
+- name: Add certbot configuration
+ template:
+ src: "conf.ini.j2"
+ dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+ mode: 0644
+ register: certbot_config
+
+- name: Generate new certificates if the configuration changed
+ shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+ when: certbot_config.changed
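Review bot: The last task runs certbot through `shell:` with `{{ certbot.certname }}` interpolated into the command line, so any shell metacharacter in that variable is interpreted by the shell on the target host. Nothing in the command needs shell features, so the `command:` module with the same string avoids that: `command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"`. The task is also gated only on `certbot_config.changed`, so if certbot fails on the first run the template is unchanged on the next play and issuance is not retried. A `creates:` guard on the expected certificate path would cover that, though the path depends on conf.ini.j2, which is not visible here. Separately, the two file modes are better written as quoted strings (`mode: "0755"`, `mode: "0644"`) so they never depend on how the YAML parser treats a leading zero.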