
fix letsencrypt certificate expiration check

master
parent
commit
febc2eb37e
1 changed files with 20 additions and 30 deletions
  1. +20
    -30
      tasks/provider-letsencrypt.yml

+ 20
- 30
tasks/provider-letsencrypt.yml

@@ -3,36 +3,26 @@
- include_tasks: key.yml - include_tasks: key.yml
- include_tasks: csr.yml - include_tasks: csr.yml


- name: check if the certificate will expire soon
command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}
register: _certificate_checkend
changed_when: _certificate_checkend.rc == 1
failed_when: _certificate_checkend.rc > 1
- name: letsencrypt account private key
openssl_privatekey:
path: "{{certificate_letsencrypt_account_key_file}}"
type: RSA
size: 4096


- block:
- name: letsencrypt account private key
openssl_privatekey:
path: "{{certificate_letsencrypt_account_key_file}}"
type: RSA
size: 4096
- name: letsencrypt request
acme_certificate:
account_key_src: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
dest: "{{certificate_file}}"
chain_dest: "{{ certificate_chain_file }}"
fullchain_dest: "{{ certificate_fullchain_file }}"
challenge: http-01
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: yes
register: _letsencrypt_request


- name: letsencrypt request
acme_certificate:
account_key_src: "{{certificate_letsencrypt_account_key_file}}"
csr: "{{certificate_signing_request_file}}"
dest: "{{certificate_file}}"
chain_dest: "{{ certificate_chain_file }}"
fullchain_dest: "{{ certificate_fullchain_file }}"
challenge: http-01
acme_directory: https://acme-v02.api.letsencrypt.org/directory
acme_version: 2
terms_agreed: yes
register: _letsencrypt_request
when: _certificate_checkend.rc == 1

- debug:
msg:
_letsencrypt_request: "{{_letsencrypt_request}}"
- block:


- name: acme http directory - name: acme http directory
file: file:
@@ -56,5 +46,5 @@
terms_agreed: yes terms_agreed: yes
data: "{{ _letsencrypt_request }}" data: "{{ _letsencrypt_request }}"
register: _letsencrypt register: _letsencrypt
when:
- _certificate_checkend.rc == 1
when: _letsencrypt_request.changed
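Review bot: The `letsencrypt request` task in the first hunk sets no `remaining_days`, so with the 30-day `openssl x509 -checkend` gate removed the renewal window falls back to the `acme_certificate` module default (10 days, as far as I know) instead of the previous 30. If the 30-day margin was intentional, add `remaining_days: 30` to that task so a failed renewal run still leaves time to notice and retry before the certificate expires. The second hunk's `when: _letsencrypt_request.changed` would also read more idiomatically as `when: _letsencrypt_request is changed`. The +/- markers and indentation are lost on this page, so which of the duplicated tasks is the new side is inferred from the hunk header counts.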
