# Shared certificate preparation. The tasks below read `certname`, `cert.*`
# and the registered result `task_generate_csr`, none of which are defined in
# this file; presumably common_cert.yml or the caller provides them (confirm).
- include_tasks: common_cert.yml
# Step 1 of the two-step ACME flow: called without `data`, the module opens
# the order and returns the pending challenges, registered here as `challenge`.
# The argument mapping is anchored as `acmetask` because the final task of
# this file merges it via `<<: *acmetask`.
- name: "get challange for {{ certname }}"
  register: challenge
  acme_certificate: &acmetask
    # Let's Encrypt production directory, ACME v2 protocol.
    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
    acme_version: 2
    terms_agreed: true
    # ACME account private key, read on the managed host (the task is not
    # delegated). Nothing in this file creates the key or sets its
    # permissions. NOTE(review): verify that it is provisioned readable only
    # by the user running the play.
    account_key: /etc/ssl/letsencrypt_account.key
    challenge: "{{ certificates.backends.letsencrypt.challange }}"
    csr: "{{ cert.csrpath }}"
    dest: "{{ cert.certpath }}"
    fullchain_dest: "{{ cert.chainpath }}"
    # Request a new certificate whenever the CSR task reported a change, even
    # if the existing certificate is still inside its validity window.
    force: "{{ task_generate_csr is changed }}"
    remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
    # Deactivate the authorizations once the run is over so they cannot be
    # reused for a later order.
    deactivate_authzs: true
# DNS-01 branch: hand every challenge record to each configured challenge
# server. The loop is the product (server, identifier), so item.0 is the host
# the task is delegated to and item.1 is the key into challenge_data.
# NOTE(review): pdns.py is not part of this file; presumably it publishes the
# TXT record (confirm). No task here removes the record after validation.
- name: "setup challenge server for {{ certname }} (dns challange)"
  command:
    # argv form: record name and value are passed as separate arguments and
    # are never interpreted by a shell.
    argv:
      - "/usr/local/bin/pdns.py"
      - "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
      - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
  delegate_to: "{{ item.0 }}"
  loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  # Only act when step 1 actually opened a new order and DNS validation is
  # the configured challenge type.
  when:
    - challenge is changed
    - certificates.backends.letsencrypt.challange == "dns-01"
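# HTTP-01 branch: write one token file per identifier on each configured
# challenge server. The loop is the product (server, identifier), so item.0 is
# the host the task is delegated to and item.1 is the key into challenge_data.
# NOTE(review): assumes the web server on those hosts serves
# /var/www/letsencrypt/ as /.well-known/acme-challenge/ (confirm). No task
# here removes the token file after validation.
- name: "setup challenge server for {{ certname }} (http challange)"
  copy:
    # `basename` keeps only the final path component of the resource, so the
    # file always lands directly inside /var/www/letsencrypt whatever path the
    # challenge data carries.
    dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
    content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
    # Explicit mode instead of inheriting the remote umask: the token is
    # public by design and must be readable by the web server, but should not
    # be writable by anyone other than the owner.
    mode: "0644"
  delegate_to: "{{ item.0 }}"
  loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
  # Only act when step 1 actually opened a new order and HTTP validation is
  # the configured challenge type.
  when:
    - challenge is changed
    - certificates.backends.letsencrypt.challange == "http-01"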
# Step 2 of the ACME flow: the same module arguments as the challenge request
# (merged from the `acmetask` anchor) plus `data`, the registered result of
# step 1, which makes the module validate the challenges and retrieve the
# certificate. There is no `when`, so this task also runs when step 1
# reported no change.
- name: "get certificate {{ certname }}"
  acme_certificate:
    data: "{{ challenge }}"
    <<: *acmetask