65 lines
1.9 KiB
YAML
65 lines
1.9 KiB
YAML
---
|
|
|
|
- name: Install certbot deps
|
|
ansible.builtin.apt:
|
|
name:
|
|
- python3-certbot
|
|
- python3-certbot-dns-cloudflare
|
|
state: present
|
|
|
|
- name: Install
|
|
ansible.builtin.template:
|
|
src: cloudflare-credentials.ini.j2
|
|
dest: "{{ cloudflare_credentials_destination }}"
|
|
mode: o=rw
|
|
|
|
- name: Ensure existance of {{ certbot_post_hook_dir }}
|
|
ansible.builtin.file:
|
|
path: "{{ certbot_post_hook_dir }}"
|
|
state: directory
|
|
mode: o=rw,g=r,a+x
|
|
|
|
- name: Add renewal_post_upgrade hook
|
|
ansible.builtin.copy:
|
|
src: renewal_post_upgrade.sh
|
|
dest: "{{ certbot_post_hook_dir }}/renewal_post_upgrade.sh"
|
|
mode: a+x
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Check for existence of certificates
|
|
ansible.builtin.stat:
|
|
path: "{{ certbot_live_dir }}/{{ item }}/fullchain.pem"
|
|
loop: "{{ host_domains[inventory_hostname] }}"
|
|
register: cert_check
|
|
- name: Construct domains needing ACME requests list
|
|
ansible.builtin.set_fact:
|
|
domain_request_list: >
|
|
{% for domain in host_domains[inventory_hostname] %}
|
|
{% set domain_index = loop.index0 %}
|
|
{% if not cert_check.results[domain_index].stat.exists %}
|
|
{{ domain }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
- name: Request acmedns challenges if there are such domains that need certs
|
|
ansible.builtin.shell: >
|
|
certbot certonly --dns-cloudflare \
|
|
--dns-cloudflare-credentials {{ cloudflare_credentials_destination }} \
|
|
--non-interactive \
|
|
--manual-public-ip-logging-ok \
|
|
--agree-tos -m {{ certbot_email }} \
|
|
--preferred-challenges dns --debug-challenges \
|
|
--dns-cloudflare-propagation-seconds 20 \
|
|
-d {{ item }}
|
|
loop: "{{ domain_request_list.split() }}"
|
|
changed_when: domain_request_list | trim != ''
|
|
|
|
- name: Certbot daily renewal cron job
|
|
ansible.builtin.cron:
|
|
name: "letsencrypt_daily_renewal"
|
|
special_time: "daily"
|
|
job: "certbot renew --non-interactive"
|
|
cron_file: "certbot_renewal"
|
|
user: root
|