
update letsencrypt to acme v2

master
vecāks
revīzija
0b37070f66
2 mainītis faili ar 33 papildinājumiem un 52 dzēšanām
  1. +31
    -51
      tasks/provider-letsencrypt.yml
  2. +2
    -1
      tasks/setup_Debian.yml

+ 31
- 51
tasks/provider-letsencrypt.yml Parādīt failu

@@ -1,12 +1,5 @@
---

- name: letsencrypt account private key
command: openssl genrsa
-out "{{certificate_letsencrypt_account_key_file}}"
4096
args:
creates: "{{ certificate_letsencrypt_account_key_file }}"

- include_tasks: key.yml
- include_tasks: csr.yml

@@ -16,22 +9,31 @@
changed_when: _certificate_checkend.rc == 1
failed_when: _certificate_checkend.rc > 1

- name: letsencrypt request
letsencrypt:
account_key: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
dest: "{{certificate_file}}"
challenge: http-01
acme_directory: https://acme-v01.api.letsencrypt.org/directory
agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
register: _letsencrypt_request
when: _certificate_checkend.rc == 1
- block:
- name: letsencrypt account private key
openssl_privatekey:
path: "{{certificate_letsencrypt_account_key_file}}"
type: RSA
size: 4096

- name: letsencrypt request
acme_certificate:
account_key_src: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
dest: "{{certificate_file}}"
chain_dest: "{{ certificate_chain_file }}"
fullchain_dest: "{{ certificate_fullchain_file }}"
challenge: http-01
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: yes
register: _letsencrypt_request
when: _certificate_checkend.rc == 1

# - debug:
# msg:
# _letsencrypt_request: "{{_letsencrypt_request}}"
- debug:
msg:
_letsencrypt_request: "{{_letsencrypt_request}}"

- block:
- name: acme http directory
file:
path: /var/www/default/.well-known/acme-challenge
@@ -41,40 +43,18 @@
dest: /var/www/default/{{ item.resource }}
content: "{{ item.resource_value }}"
with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"
- letsencrypt:
account_key: "{{certificate_letsencrypt_account_key_file}}"
- name: letsencrypt certificate
acme_certificate:
account_key_src: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
dest: "{{certificate_file}}"
chain_dest: "{{ certificate_chain_file }}"
fullchain_dest: "{{ certificate_fullchain_file }}"
challenge: http-01
acme_directory: https://acme-v01.api.letsencrypt.org/directory
agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: yes
data: "{{ _letsencrypt_request }}"
register: _letsencrypt
when:
- _letsencrypt_request.changed
- _certificate_checkend.rc == 1

- name: download letsencrypt certificate
get_url:
url: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
dest: "{{certificate_chain_file}}"
checksum: sha512:0fa893f751f0880c7d89c398cae9708f5ff04d466832fb6160a824395032259ac52e02a44da531d0f8bf7e310298b0067b1e8257f816d3223034f391ecba491d

- name: fetch certificate
fetch:
src: "{{ certificate_file }}"
dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem
flat: yes
fail_on_missing: yes

- name: fetch certificate chain
fetch:
src: "{{ certificate_chain_file }}"
dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem
flat: yes
fail_on_missing: yes

- name: create full certificate chain
template:
src: fullchain.pam.j2
dest: "{{ certificate_fullchain_file }}"
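Review bot: The new `openssl_privatekey` task for the ACME account key (second hunk of tasks/provider-letsencrypt.yml) sets only `path`, `type` and `size`, so the permissions of a key that authorises issuance and revocation for the whole account are left to module defaults; I would pin them explicitly with `mode: "0600"`. In the same hunk, and again in the third, `terms_agreed: yes` is a YAML 1.1 truthy that Ansible accepts but yamllint and 1.2 parsers do not; `terms_agreed: true` is the portable spelling. The `debug` task printing `_letsencrypt_request` looks like it is being uncommented rather than commented out (this page does not mark sides, so that is inferred from the paired commented copy); it dumps the full challenge data and account URI on every run, so add `verbosity: 1` to it or drop it before merging. The `block` opened in the second hunk continues into the third hunk.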

+ 2
- 1
tasks/setup_Debian.yml Parādīt failu

@@ -1,7 +1,8 @@
---

- name: install packages
- name: install debian packages
apt:
pkg:
- openssl
- certbot
- python-cryptography
