Initial commit
commit
b8ad942a1e
12
README.md
Normal file
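--- a/README.md
+++ b/README.md
@@ -0,0 +1,12 @@
+# Simple acme.sh role
+
+Fetches letsencrypt certificates for a list of domains.
+
+It needs to be run after the **websites** roles to install nginx & proper directories.
+
+# Expected parameters
+
+**acme_domains**: List of domains
+**acme_dest**: Absolute directory path where the certs should be written
+**acme_owner**: unix user who should own the directory and certs
+**acme_reload_cmd**: Command to run after certs have been updated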
40
tasks/main.yml
Normal file
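--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,40 @@
+
+---
+- name: Install acme.sh
+community.general.pacman:
+name: acme.sh
+state: present
+
+- name: Isntall acme.sh cron
+cmd:
+chdir: /usr/bin/
+cmd: ./acme.sh --install
+
+- name: Generate certificates
+command:
+cmd: >
+acme.sh --issue -d {{ acme_domains | join(" -d ") }}
+-w /var/lib/letsencrypt/webroot
+creates: /root/.acme.sh/{{ acme_domains[0] }}
+
+- name: Install certificates
+command:
+cmd: >
+acme.sh --install-cert -d "{{ acme_domains[0] }}"
+--fullchain-file "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+--key-file "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+--reloadcmd "{{ acme_reload_cmd }}"
+creates:
+- "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+- "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+
+- name: Ensure cert permissions
+file:
+path: "{{ item }}"
+state: file
+owner: "{{ acme_owner }}"
+group: "{{ acme_owner }}"
+mode: 0600
+loop:
+- "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+- "{{ acme_dest }}/{{ acme_domains[0] }}.crt"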
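Review bot: In `Generate certificates`, `acme_domains | join(" -d ")` is spliced unquoted into a free-form `command` string that apparently runs as root (the `creates` path is under `/root`), so any list entry containing whitespace is split into extra acme.sh arguments. Passing the arguments as an `argv:` list and rejecting non-hostname entries first, as sketched below, closes that gap. The same care applies to `--reloadcmd "{{ acme_reload_cmd }}"` in `Install certificates`, since acme.sh stores that string and runs it again on every renewal, so the variable should only ever come from trusted inventory. Separately, `Isntall acme.sh cron` names its module `cmd:`, which is not a module I know of (`ansible.builtin.command:` looks intended), and `creates:` in `Install certificates` is given a list although the option takes a single path, so that guard probably never matches. Indentation was lost on this page, so the nesting in the sketch is my reading of the task structure.

```yaml
- name: Validate acme_domains
  ansible.builtin.assert:
    that:
      - acme_domains | length > 0
      - acme_domains | reject('match', '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') | list | length == 0
    fail_msg: "acme_domains must be a non-empty list of bare hostnames"

- name: Generate certificates
  ansible.builtin.command:
    argv: >-
      {{ ['acme.sh', '--issue']
         + (['-d'] | product(acme_domains) | flatten)
         + ['-w', '/var/lib/letsencrypt/webroot'] }}
    creates: "/root/.acme.sh/{{ acme_domains[0] }}"

# … unchanged: Install certificates, Ensure cert permissions …
```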