Initial commit

README.md

@@ -0,0 +1,12 @@
+# Simple acme.sh role
+
+Fetches letsencrypt certificates for a list of domains.
+
+It needs to be run after the **websites** roles to install nginx & proper directories.
+
+# Expected parameters
+
+**acme_domains**: List of domains
+**acme_dest**: Absolute directory path where the certs should be written
+**acme_owner**: unix user who should own the directory and certs
+**acme_reload_cmd**: Command to run after certs have been updated

tasks/main.yml

@@ -0,0 +1,40 @@
+
+---
+- name: Install acme.sh
+  community.general.pacman:
+    name: acme.sh
+    state: present
+
+- name: Isntall acme.sh cron
+  cmd:
+    chdir: /usr/bin/
+    cmd: ./acme.sh --install
+
+- name: Generate certificates
+  command:
+    cmd: >
+      acme.sh --issue -d {{ acme_domains | join(" -d ") }}
+      -w /var/lib/letsencrypt/webroot
+    creates: /root/.acme.sh/{{ acme_domains[0] }}
+
+- name: Install certificates
+  command:
+    cmd: >
+      acme.sh --install-cert -d "{{ acme_domains[0] }}"
+      --fullchain-file "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+      --key-file "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+      --reloadcmd "{{ acme_reload_cmd }}"
+    creates:
+      - "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+      - "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+
+- name: Ensure cert permissions
+  file:
+    path: "{{ item }}"
+    state: file
+    owner: "{{ acme_owner }}"
+    group: "{{ acme_owner }}"
+    mode: 0600
+  loop:
+      - "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+      - "{{ acme_dest }}/{{ acme_domains[0] }}.crt"