add support to autrenew letsencrypt certificates, still testing

2020-06-27 16:55:52 +02:00 · 2020-06-27 16:55:52 +02:00 · 0e0c634e37
commit 0e0c634e37
parent 12895a364f
9 changed files with 179 additions and 23 deletions
--- a/tasks/letsencrypt_setup.yml
+++ b/tasks/letsencrypt_setup.yml
@ -5,3 +5,52 @@
    owner: root
    group: root
    mode: 0600
+
+- name: register letsencrypt account
+  acme_account:
+    account_key_src: /etc/ssl/letsencrypt_account.key
+    state: present
+    terms_agreed: yes
+    acme_version: 2
+    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
+
+- name: ensure config folders exist
+  file:
+    path: /etc/letsencrypt/
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: generate letsencrypt auto renew ssh key
+  register: letsencrypt_renewkey
+  openssh_keypair:
+    owner: root
+    group: root
+    path: /etc/letsencrypt/renewkey
+    type: ed25519
+    comment: "letsencrypt-renew@{{ inventory_hostname }}"
+
+- name: copy challenge deployment script
+  copy:
+    src: letsencrypt_deploy_challenge.sh
+    dest: /usr/local/bin/letsencrypt_deploy_challenge.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: copy letsencrypt renew skript
+  copy:
+    src: letsencrypt_renew.sh
+    dest: /usr/local/bin/letsencrypt_renew.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: copy acme primitives
+  get_url:
+    dest: /usr/local/bin/acme-primitives.py
+    owner: root
+    group: root
+    mode: 0755
+    url: "https://git.notandy.de/ansible/acme-primitives/-/raw/master/acme-primitives.py"