From f21997201b638b4c76084c036e3b4015ad92066a Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Thu, 7 Jun 2018 13:26:18 +0000
Subject: [PATCH] automatic letsencryt certificate renewal
---
 tasks/provider-letsencrypt.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tasks/provider-letsencrypt.yml b/tasks/provider-letsencrypt.yml
index 5f8ec2c..540324b 100644
--- a/tasks/provider-letsencrypt.yml
+++ b/tasks/provider-letsencrypt.yml
@@ -10,6 +10,18 @@
 - include_tasks: key.yml
 - include_tasks: csr.yml

+- name: check if the certificate will expire soon
+ command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}
+ register: _certificate_checkend
+ changed_when: _certificate_checkend.rc == 1
+ failed_when: _certificate_checkend.rc > 1
+
+- name: delete certificate when certificate is about to expire
+ file:
+ path: "{{ certificate_file }}"
+ state: absent
+ when: _certificate_checkend.rc == 1
+
 - name: letsencrypt request
 letsencrypt:
 account_key: "{{certificate_letsencrypt_account_key_file}}"
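Review bot: The `delete certificate when certificate is about to expire` task removes a certificate that is still valid for up to 30 days before the following `letsencrypt request` task has obtained its replacement, so a failed issuance (challenge error, rate limit, CA unreachable) leaves the host with no certificate at all. Keeping the old file in place and letting the module decide would avoid that window: the `letsencrypt` module has a `remaining_days` option, so `remaining_days: 30` on the request task should make both new tasks unnecessary; the task's arguments continue past the end of the hunk, so whether it is already set cannot be seen here. If the openssl check is kept, note that `rc == 1` is presumably also what openssl returns for a missing or unreadable file, so an unparsable certificate would be silently deleted rather than reported. The `command` task is also skipped in check mode, which leaves `_certificate_checkend.rc` undefined for the `when:` below it; `check_mode: no` and `changed_when: false` on the read-only check would fix that.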