
don't delete certificates which are about to be renewed

master
padre
commit
7563719140
Se han modificado 2 ficheros con 11 adiciones y 14 borrados
  1. +4
    -14
      tasks/provider-letsencrypt.yml
  2. +7
    -0
      tasks/provider-selfsigned.yml

+ 4
- 14
tasks/provider-letsencrypt.yml Ver fichero

@@ -16,12 +16,6 @@
changed_when: _certificate_checkend.rc == 1
failed_when: _certificate_checkend.rc > 1

- name: delete certificate when certificate is about to expire
file:
path: "{{ certificate_file }}"
state: absent
when: _certificate_checkend.rc == 1

- name: letsencrypt request
letsencrypt:
account_key: "{{certificate_letsencrypt_account_key_file}}"
@@ -31,6 +25,7 @@
acme_directory: https://acme-v01.api.letsencrypt.org/directory
agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
register: _letsencrypt_request
when: _certificate_checkend.rc == 1

# - debug:
# msg:
@@ -41,13 +36,11 @@
file:
path: /var/www/default/.well-known/acme-challenge
state: directory

- name: copy acme challenge resource
copy:
dest: /var/www/default/{{ item.resource }}
content: "{{ item.resource_value }}"
with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"

- letsencrypt:
account_key: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
@@ -57,12 +50,9 @@
agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
data: "{{ _letsencrypt_request }}"
register: _letsencrypt

# - debug:
# msg:
# _letsencrypt: "{{_letsencrypt}}"

when: _letsencrypt_request.changed
when:
- _letsencrypt_request.changed
- _certificate_checkend.rc == 1

- name: download letsencrypt certificate
get_url:
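Review bot: With the delete task removed, the `letsencrypt` request in the second hunk now runs while the old certificate still exists, and the module applies its own `remaining_days` threshold (default 10, as far as I know) before it issues a challenge. The module arguments between the hunks are not visible here; if `remaining_days` is not set and `dest` is the certificate being checked, a run between the checkend gate and that threshold reports no change, and renewal is deferred until much closer to expiry. Setting `remaining_days: 30` on both `letsencrypt` calls (or whatever matches the `-checkend` period used in this file) keeps the gate and the module in agreement. The `copy acme challenge resource` task shows no `when` in the visible lines, so confirm that its `with_items` expression tolerates a skipped `_letsencrypt_request`.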


+ 7
- 0
tasks/provider-selfsigned.yml Ver fichero

@@ -3,6 +3,12 @@
- include_tasks: key.yml
- include_tasks: csr.yml

- name: check if the certificate will expire soon
command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}
register: _certificate_checkend
changed_when: _certificate_checkend.rc == 1
failed_when: _certificate_checkend.rc > 1

- name: self sign certificate
command: openssl x509 -req
-in "{{ certificate_signing_request_file }}"
@@ -16,6 +22,7 @@
environment:
PRIVATE_KEY_PASSWORD: "{{ certificate_private_key_password | default('') }}"
notify: certificate changed
when: _certificate_checkend.rc == 1

- name: link full certificate chain file
file:
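Review bot: The new probe reads exit status 1 as "expires within 30 days", but as far as I know `openssl x509 -checkend` also exits 1 when it cannot open or parse the file, so `failed_when: _certificate_checkend.rc > 1` will rarely fire and an unreadable `certificate_file` produces a fresh self-signed certificate on every run. That is convenient for first issuance, but it deserves a comment above the task such as `# rc 1 = expiring, missing or unreadable certificate; all of these trigger re-signing`, or a preceding `stat` so that only a missing file counts as "issue now". The probe is also a `command` task, which is skipped in check mode and then leaves `_certificate_checkend.rc` undefined for the `when` added in the second hunk; `check_mode: false` on the probe avoids that. The `{{certificate_file}}` argument is unquoted here, while the `self sign certificate` task, whose body continues outside the hunk, quotes its paths.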

