|
- ---
-
- - include_tasks: key.yml
- - include_tasks: csr.yml
-
- - name: check if the certificate will expire soon
- command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}
- register: _certificate_checkend
- changed_when: _certificate_checkend.rc == 1
- failed_when: _certificate_checkend.rc > 1
-
- - name: self sign certificate
- command: openssl x509 -req
- -in "{{ certificate_signing_request_file }}"
- -signkey "{{ certificate_private_key_file }}"
- -extfile "{{ certificate_signing_request_config_file }}"
- -extensions certificate_extensions
- -out "{{ certificate_file }}"
- {{ certificate_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
- args:
- creates: "{{ certificate_file }}"
- environment:
- PRIVATE_KEY_PASSWORD: "{{ certificate_private_key_password | default('') }}"
- notify: certificate changed
- when: _certificate_checkend.rc == 1
-
- - name: link full certificate chain file
- file:
- src: "{{ certificate_file }}"
- dest: "{{ certificate_fullchain_file }}"
- state: link
|
