From 313452f5e2cb004194e444ff45744893226a0aff Mon Sep 17 00:00:00 2001 From: nd Date: Fri, 1 Nov 2019 15:59:04 +0100 Subject: [PATCH] fixed some bugs --- defaults/main.yml | 1 + tasks/common_cert.yml | 4 ++-- tasks/letsencrypt_cert.yml | 11 +++++++++-- tasks/main.yml | 1 - 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cf6d3f2..50d4160 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,4 +13,5 @@ certificates: mail: "example@example.com" ou: "cyber" cn: ~ + san: [] certs: {} diff --git a/tasks/common_cert.yml b/tasks/common_cert.yml index 90eef42..8fa17a7 100644 --- a/tasks/common_cert.yml +++ b/tasks/common_cert.yml @@ -8,7 +8,7 @@ chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}" fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}" - set_fact: - cert: "{{ certificates.defaults|combine(cert_paths, certificates.certs[certname]|d({}), {'name': certname} ) }}" + cert: "{{ {}|combine(certificates.defaults, cert_paths, certificates.certs[certname]|d({}), {'name': certname} ) }}" - debug: verbosity: 1 @@ -27,7 +27,7 @@ openssl_csr: path: "{{ cert.csrpath }}" privatekey_path: "{{ cert.keypath }}" - common_name: "{% if cert.cn %}{{ cert.cn }}{% else %}{{ cert.san[0] }}{% endif %}" + common_name: "{% if cert.cn %}{{ cert.cn }}{% elif cert.san|length > 0 %}{{ cert.san[0] }}{% else %}{{ cert.name }}{% endif %}" subject_alt_name: "{{ cert.san | map('regex_replace', '^', 'DNS:') | list }}" register: task_generate_csr diff --git a/tasks/letsencrypt_cert.yml b/tasks/letsencrypt_cert.yml index a628495..9f4c887 100644 --- a/tasks/letsencrypt_cert.yml +++ b/tasks/letsencrypt_cert.yml @@ -12,6 +12,7 @@ fullchain_dest: "{{ cert.chainpath }}" remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}" challenge: "{{ certificates.backends.letsencrypt.challange }}" + deactivate_authzs: yes register: challenge - name: "setup challenge server for {{ certname }} (dns challange)" 
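Review bot: The new `{% else %}{{ cert.name }}{% endif %}` branch of `common_name` lets a certificate with neither `cn` nor `san` pass `openssl_csr` silently, but the CN it produces is the role's certificate key (the same label used to build `keypath`/`csrpath` in the previous hunk) rather than a hostname, while `subject_alt_name` renders as an empty list. A certificate without a hostname SAN is rejected by clients that validate only SANs, and an ACME order built from such a CSR would presumably be for whatever identifier the module derives from the CN, which is hard to diagnose after the fact. I would fail early instead: `- assert: { that: cert.cn or cert.san|length > 0, fail_msg: "certificate {{ certname }} needs cn or san" }` placed before the `openssl_csr` task, and keep the `cert.name` fallback only if it is deliberately meant for non-TLS certificates. The task's `- name:` line is outside this hunk.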
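Review bot: `deactivate_authzs: yes` is a YAML 1.1 truthy; Ansible accepts it, but yamllint/ansible-lint flag it and the rest of the project's booleans should use the canonical form, so write `deactivate_authzs: true`. The option itself is a good addition from a security standpoint: as the `acme_certificate` module documentation notes, a still-valid authorization is bound to the account key and can be reused to issue further certificates without re-proving control, so deactivating it once the order is done closes that window.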
@@ -27,8 +28,14 @@ - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}" - name: "setup challenge server for {{ certname }} (http challange)" - debug: msg=a - + when: + - challenge is changed + - certificates.backends.letsencrypt.challange == "http-01" + delegate_to: "{{ item.0 }}" + loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}" + copy: + dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}" + content: "{{ challenge.challenge_data.[item.1]['http-01'].resource_value }}" - name: "get certificate {{ certname }}" acme_certificate: diff --git a/tasks/main.yml b/tasks/main.yml index 56b9a80..dfd4580 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,7 +2,6 @@ apt: pkg: - openssl - - python3-openssl - python3-cryptography - name: add group ssl-cert
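Review bot: The `content:` line of the new http-01 task reads `challenge.challenge_data.[item.1]['http-01'].resource_value`; the `.` before `[item.1]` is not valid Jinja, so the task fails at template time and the HTTP challenge is never published, whereas the dns-01 line at the top of the hunk uses the correct form. Change it to `content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"`. Separately, `dest:` keeps only the `basename` of `resource`, so `/var/www/letsencrypt/` must be what the web server exposes at `/.well-known/acme-challenge/` — presumably configured outside this role — and an explicit `mode: "0644"` on the `copy` would keep the file readable by the web server regardless of the delegated host's umask. The key-authorization tokens are not secrets, but nothing in this hunk removes them after issuance; a follow-up `file: state=absent` loop over the same `dest` paths would avoid leaving stale challenge files in the webroot.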
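Review bot: Dropping `python3-openssl` leaves `python3-cryptography` as the only crypto library the role installs, yet the `openssl_*` and `acme_certificate` tasks in the other files default to `select_crypto_backend: auto`, so on a host that still has pyOpenSSL for other reasons the modules may pick a different backend than on a clean host. If the Ansible version in use supports it (the option exists from 2.8), pinning `select_crypto_backend: cryptography` on those module calls makes the dependency explicit and fails loudly when the library is missing instead of silently falling back. The `apt` task's `- name:` line is outside this hunk.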