roles/util/letsencrypt-cert/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 ---
   8 - name: append {{letsencrypt_cert_domain}} to domains.txt
   9   lineinfile:
  10     line: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}"
  11     path: "/etc/dehydrated/domains.txt"
  12     mode: 0640
  13     owner: "letsencrypt"
  14     group: "letsencrypt"
  15   changed_when: False
  16   when: letsencrypt_cert_domain != ""
  17
  18
  19 - name: create domains.txt.ansible.tmp for {{letsencrypt_cert_domain}}
  20   copy:
  21     content: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}\n"
  22     dest: "/etc/dehydrated/domains.txt.ansible.tmp"
  23     mode: 0640
  24     owner: "letsencrypt"
  25     group: "letsencrypt"
  26   changed_when: False
  27   when: letsencrypt_cert_domain != ""
  28
  29
  30 - name: request cert for {{letsencrypt_cert_domain}}
  31   shell: "/usr/bin/dehydrated -c"
  32   args:
  33     creates: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}/cert.pem"
  34   environment:
  35     DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  36   become: true
  37   become_user: "letsencrypt"
  38   tags: "online"
  39   when: letsencrypt_cert_domain != ""
  40
  41
  42 - name: fix permissions for /etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}
  43   file:
  44     path: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}"
  45     state: directory
  46     recurse: yes
  47     mode: "u+rwX,g+rX,o-rwx"
  48     owner: "letsencrypt"
  49     group: "ssl-cert"
  50   when: letsencrypt_cert_domain != ""
  51
  52
  53 - name: remove domains.txt.ansible.tmp
  54   file:
  55     path: "/etc/dehydrated/domains.txt.ansible.tmp"
  56     state: absent
  57   changed_when: False