66 lines
2.3 KiB
YAML
66 lines
2.3 KiB
YAML
- include_tasks: common_cert.yml
|
|
|
|
- set_fact:
|
|
external_challange_type: "{{ map_challange_type_letsencrypt[cert_backend.challange]|d(cert_backend.challange) }}"
|
|
|
|
- name: "get challange for {{ certname }}"
|
|
acme_certificate: &acmetask
|
|
force: "{{ task_generate_csr is changed }}"
|
|
acme_version: 2
|
|
terms_agreed: yes
|
|
acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
|
|
account_key: /etc/ssl/letsencrypt_account.key
|
|
csr: "{{ cert.csrpath }}"
|
|
dest: "{{ cert.certpath }}"
|
|
fullchain_dest: "{{ cert.chainpath }}"
|
|
remaining_days: "{{ cert_backend.remainingdays }}"
|
|
challenge: "{{ external_challange_type }}"
|
|
deactivate_authzs: yes
|
|
register: challenge
|
|
|
|
- name: "setup challenge server for {{ certname }} (dns challange)"
|
|
when:
|
|
- challenge is changed
|
|
- cert_backend.challange == "dns-01"
|
|
delegate_to: "{{ item.0 }}"
|
|
loop: "{{ cert_backend.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
|
|
command:
|
|
argv:
|
|
- "/usr/local/bin/pdns.py"
|
|
- "{{ challenge.challenge_data[item.1]['dns-01'].record }}"
|
|
- "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
|
|
|
|
- name: "setup challenge server for {{ certname }} (manual dns challange)"
|
|
when:
|
|
- challenge is changed
|
|
- cert_backend.challange == "dns-01-manual"
|
|
loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
|
|
debug:
|
|
msg: "add the following dns record: '{{ item.key }}.': { TXT: {{ item.value }} }"
|
|
|
|
- name: wait for challenges in dns (manual dns challange)
|
|
pause:
|
|
prompt: "When the relevant lines were added to dns and synced, press enter"
|
|
when:
|
|
- challenge is changed
|
|
- cert_backend.challange == "dns-01-manual"
|
|
|
|
- name: "setup challenge server for {{ certname }} (http challange)"
|
|
when:
|
|
- challenge is changed
|
|
- cert_backend.challange == "http-01"
|
|
delegate_to: "{{ item.0 }}"
|
|
loop: "{{ cert_backend.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
|
|
copy:
|
|
dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
|
|
content: "{{ challenge.challenge_data[item.1]['http-01'].resource_value }}"
|
|
|
|
- name: "get certificate {{ certname }}"
|
|
acme_certificate:
|
|
<<: *acmetask
|
|
data: "{{ challenge }}"
|
|
|
|
- set_fact:
|
|
certchanged: "{{ challenge is changed }}"
|
|
- name: handle postflight
|
|
include: common_post.yml
|