add support for self signed cert

tasks/common_cert.yml

@@ -18,6 +18,9 @@
 - debug:
     verbosity: 1
     var: cert_backend
+- debug:
+    verbosity: 1
+    var: certificates.certs[certname]
 
 - name: "generate key for {{ certname }}"
   openssl_privatekey:

tasks/main.yml

@@ -16,6 +16,10 @@
     owner: root
     group: ssl-cert
 
+- debug:
+    verbosity: 2
+    var: certificates
+
 - import_tasks: letsencrypt_setup.yml
 - include_tasks: "{{ certificates.certs[certname].backend|default(certificates.defaults.backend) }}_cert.yml"
   loop: "{{ certificates.certs.keys()|list }}"

tasks/selfsigned_cert.yml

@@ -0,0 +1,39 @@
+- include_tasks: common_cert.yml
+
+- name: "sign certificate for {{ certname }}"
+  register: selfsignedsign
+  openssl_certificate:
+    path: "{{ cert.certpath }}"
+    privatekey_path: "{{ cert.keypath }}"
+    csr_path: "{{ cert.csrpath }}"
+    provider: selfsigned
+    selfsigned_not_after: "{{ cert_backend.not_after }}"
+
+- name: "generate concatinated versions (chain) for {{ certname }}"
+  shell: "umask 0137; cat {{ cert.certpath }} > {{ cert.chainpath }}"
+  args:
+    creates: "{{ cert.chainpath }}"
+
+- name: "set permission for concatinated versions (chain) for {{ certname }}"
+  file:
+    path: "{{ cert.chainpath }}"
+    mode: 0644
+    owner: root
+    group: ssl-cert
+
+- name: "generate concatinated versions (full) for {{ certname }}"
+  shell: "umask 0137; cat {{ cert.chainpath }} {{ cert.keypath }} > {{ cert.fullpath }}"
+  args:
+    creates: "{{ cert.fullpath }}"
+
+- name: "set permissions for concatinated versions (full) for {{ certname }}"
+  file:
+    path: "{{ cert.fullpath }}"
+    mode: 0640
+    owner: root
+    group: ssl-cert
+
+- set_fact:
+    certchanged: "{{ selfsignedsign is changed }}"
+- name: handle postflight
+  include: common_post.yml