infra/ansible-role-certificates
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed some autorenew letsencrypt problems

Browse source
This commit is contained in:
nd 2020-09-27 15:57:47 +02:00
parent c2c8727fe9
commit 29c8bfccdf
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
5 changed files with 121 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

31
tasks/letsencrypt_cert.yml
View file

@ -36,23 +36,26 @@
src: "/etc/letsencrypt/cert_{{ certname }}.token"
register: tokenfile
- name: add renew ssh key to backend server
delegate_to: "{{ item }}"
delegate_to: "{{ challengeserver }}"
loop: "{{ cert_backend.challengeserver }}"
loop_control:
loop_var: challengeserver
authorized_key:
user: letsencrypt
key: "{{ letsencrypt_renewkey.public_key }}"
- name: add server token to record whitelist on backend server
when:
- challenge is changed
delegate_to: "{{ item.0 }}"
delegate_to: "{{ serverchallengepair.0 }}"
loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
loop_control:
loop_var: serverchallengepair
command:
argv:
- "/usr/local/bin/pdns.py"
- "add_token"
- "--"
- "{{ tokenfile.content | b64decode }}"
- "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
- "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].record }}"
- name: create cert renew config
template:
src: letsencrypt_renew_config.j2
@ -71,23 +74,27 @@
when:
- challenge is changed
- cert_backend.challenge == "dns-01"
delegate_to: "{{ item.0 }}"
delegate_to: "{{ serverchallengepair.0 }}"
loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
loop_control:
loop_var: serverchallengepair
command:
argv:
- "/usr/local/bin/pdns.py"
- "add_challenge"
- "--"
- "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
- "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
- "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].record }}"
- "{{ challenge.challenge_data[serverchallengepair.1]['dns-01'].resource_value }}"
- name: "setup challenge server for {{ certname }} (manual dns challenge)"
when:
- challenge is changed
- cert_backend.challenge == "dns-01-manual"
loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
loop_control:
loop_var: challengedata
debug:
msg: "add the following dns record: '{{ item.key }}.': { TXT: {{ item.value }} }"
msg: "add the following dns record: '{{ challengedata.key }}.': { TXT: {{ challengedata.value }} }"
- name: wait for challenges in dns (manual dns challenge)
pause:
@ -100,11 +107,13 @@
when:
- challenge is changed
- cert_backend.challenge == "http-01"
delegate_to: "{{ item.0 }}"
delegate_to: "{{ serverchallengepair.0 }}"
loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
loop_control:
loop_var: serverchallengepair
copy:
dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
dest: "/var/www/letsencrypt/{{ challenge.challenge_data[serverchallengepair.1]['http-01'].resource | basename }}"
content: "{{ challenge.challenge_data[serverchallengepair.1]['http-01'].resource_value }}"
- name: "get certificate {{ certname }}"
acme_certificate: