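# Create the private key for the Let's Encrypt (ACME) account on the target
# host. Owner and group are root and the mode is 0600, so only root can read
# the key file.
- name: generate letsencrypt account key
  openssl_privatekey:
    path: /etc/ssl/letsencrypt_account.key
    # No key type is given here, so the module's default key type applies.
    size: 4096
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does its own
    # octal conversion, instead of relying on YAML 1.1 octal integer parsing.
    mode: "0600"
  # The account-registration task tests this result with `is changed`.
  register: letsencrypt_account_key
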
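# Register an ACME v2 account for /etc/ssl/letsencrypt_account.key at the
# Let's Encrypt directory URL given below, accepting the terms of service.
# NOTE(review): the `when` guard ties registration to the run in which the key
# file was created or changed. If that run aborts before this task succeeds,
# later runs see the key as unchanged and skip registration, leaving a key
# with no account behind it. `state: present` is declarative, so the guard can
# probably be dropped; confirm before changing.
- name: register letsencrypt account
  acme_account:
    account_key_src: /etc/ssl/letsencrypt_account.key
    state: present
    # Canonical boolean; `yes` is only a boolean under YAML 1.1 parsing.
    terms_agreed: true
    acme_version: 2
    acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
  when: letsencrypt_account_key is changed
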
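# Make sure /etc/letsencrypt/ exists as a root-owned directory. Mode 0755 lets
# every local user list and traverse it, so anything sensitive stored inside
# (the renew SSH key is written to /etc/letsencrypt/renewkey) has to be
# protected by its own file mode.
- name: ensure config folders exist
  file:
    path: /etc/letsencrypt/
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does its own
    # octal conversion.
    mode: "0755"
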
# Generate an ed25519 OpenSSH keypair at /etc/letsencrypt/renewkey, owned by
# root:root. The key comment embeds the inventory hostname, which makes the
# public key attributable to this host wherever it is later authorised.
# NOTE(review): no `mode` is set, so the module's default permissions apply.
# Verify that the private key ends up readable by root only.
- name: generate letsencrypt auto renew ssh key
  openssh_keypair:
    path: /etc/letsencrypt/renewkey
    type: ed25519
    comment: "letsencrypt-renew@{{ inventory_hostname }}"
    owner: root
    group: root
  # Consumers of this result are not visible in this part of the file.
  register: letsencrypt_renewkey

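# Install the challenge deployment script into /usr/local/bin. It is owned by
# root with mode 0755: every user may read and execute it, only root may
# modify it.
- name: copy challenge deployment script
  copy:
    src: letsencrypt_deploy_challenge.sh
    dest: /usr/local/bin/letsencrypt_deploy_challenge.sh
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does its own
    # octal conversion.
    mode: "0755"
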
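# Install the renewal script into /usr/local/bin. It is owned by root with
# mode 0755: every user may read and execute it, only root may modify it.
# The task name is left exactly as written, in case it is referenced elsewhere.
- name: copy letsencrypt renew skript
  copy:
    src: letsencrypt_renew.sh
    dest: /usr/local/bin/letsencrypt_renew.sh
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does its own
    # octal conversion.
    mode: "0755"
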
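# Install the acme-primitives.py helper into /usr/local/bin. It is owned by
# root with mode 0755: every user may read and execute it, only root may
# modify it.
- name: copy acme primitives
  copy:
    src: acme-primitives.py
    dest: /usr/local/bin/acme-primitives.py
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does its own
    # octal conversion.
    mode: "0755"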