ka
/
ansible-role-certificate
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
18 Commits
1 Rama
40KB
Árbol: 0b37070f66
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '0b37070f66'
${ noResults }
ansible-role-certificate/tasks/provider-letsencrypt.yml

61 líneas
2.0KB
Original Blame Histórico 

  1. ---

  2. 

  3. - include_tasks: key.yml

  4. - include_tasks: csr.yml

  5. 

  6. - name: check if the certificate will expire soon

  7.   command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}

  8.   register: _certificate_checkend

  9.   changed_when: _certificate_checkend.rc == 1

  10.   failed_when: _certificate_checkend.rc > 1

  11. 

  12. - block:

  13.     - name: letsencrypt account private key

  14.       openssl_privatekey:

  15.         path: "{{certificate_letsencrypt_account_key_file}}"

  16.         type: RSA

  17.         size: 4096

  18. 

  19.     - name: letsencrypt request

  20.       acme_certificate:

  21.         account_key_src: "{{certificate_letsencrypt_account_key_file}}"

  22.         csr: "{{certificate_signing_request_file}}"

  23.         dest: "{{certificate_file}}"

  24.         chain_dest: "{{ certificate_chain_file }}"

  25.         fullchain_dest: "{{ certificate_fullchain_file }}"

  26.         challenge: http-01

  27.         acme_directory: https://acme-v02.api.letsencrypt.org/directory

  28.         acme_version: 2

  29.         terms_agreed: yes

  30.       register: _letsencrypt_request

  31.       when: _certificate_checkend.rc == 1

  32. 

  33.     - debug:

  34.         msg:

  35.           _letsencrypt_request: "{{_letsencrypt_request}}"

  36. 

  37.     - name: acme http directory

  38.       file:

  39.         path: /var/www/default/.well-known/acme-challenge

  40.         state: directory

  41.     - name: copy acme challenge resource

  42.       copy:

  43.         dest: /var/www/default/{{ item.resource }}

  44.         content: "{{ item.resource_value }}"

  45.       with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"

  46.     - name: letsencrypt certificate

  47.       acme_certificate:

  48.         account_key_src: "{{certificate_letsencrypt_account_key_file}}"

  49.         csr: "{{certificate_signing_request_file}}"

  50.         dest: "{{certificate_file}}"

  51.         chain_dest: "{{ certificate_chain_file }}"

  52.         fullchain_dest: "{{ certificate_fullchain_file }}"

  53.         challenge: http-01

  54.         acme_directory: https://acme-v02.api.letsencrypt.org/directory

  55.         acme_version: 2

  56.         terms_agreed: yes

  57.         data: "{{ _letsencrypt_request }}"

  58.       register: _letsencrypt

  59.   when:

  60.     - _certificate_checkend.rc == 1