initial commit

tasks/letsencrypt_cert.yml

@@ -0,0 +1,36 @@
+- include_tasks: common_cert.yml
+
+- name: "get challange for {{ certname }}"
+  acme_certificate: &acmetask
+    force: "{{ task_generate_csr is changed }}"
+    acme_version: 2
+    terms_agreed: yes
+    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
+    account_key: /etc/ssl/letsencrypt_account.key
+    csr: "{{ cert.csrpath }}"
+    dest: "{{ cert.certpath }}"
+    fullchain_dest: "{{ cert.chainpath }}"
+    remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
+    challenge: "{{ certificates.backends.letsencrypt.challange }}"
+  register: challenge
+
+- name: "setup challenge server for {{ certname }} (dns challange)"
+  when:
+  - challenge is changed
+  - certificates.backends.letsencrypt.challange == "dns-01"
+  delegate_to: "{{ item.0 }}"
+  loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
+  command:
+    argv:
+    - "/usr/local/bin/pdns.py"
+    - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
+    - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
+
+- name: "setup challenge server for {{ certname }} (http challange)"
+  debug: msg=a
+
+
+- name: "get certificate {{ certname }}"
+  acme_certificate:
+    <<: *acmetask
+    data: "{{ challenge }}"