mise au point : attention , certbot en test-mode

handlers/main.yml

@@ -4,7 +4,6 @@
   service:
     name: httpd
     state: restarted
-  when: apache_restart
 
 - name: restart zabbix_agentd
   service:

tasks/certbot.yml

@@ -1,7 +1,10 @@
 ---
 - name: install certbot
   package:
-    name: certbot
+    name:
+     - certbot
+     - mod_ssl
+
     state: present
 
 - name: install apache config file without ssl
@@ -24,13 +27,13 @@
 - name: generate certificates for domaine and subdomains
   vars:
     subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
-  command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
+  command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} --test-cert {{ subdomains }}
   args:
     creates: "{{ apache_ssl_chain }}"
   when: apache_server_alias is defined
 
 - name: generate certificates
-  command: certbot certonly --agree-tos  --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
+  command: certbot certonly --agree-tos  --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} --test-cert
   args:
     creates: "{{ apache_ssl_chain }}"
   when: apache_server_alias is not defined

tasks/main.yml

@@ -41,6 +41,10 @@
   include_tasks: dns.yml
   when: apache_use_dns
 
+- name: create certificate
+  include_tasks: certbot.yml
+  when: apache_use_ssl
+
 - name: vhost config file
   template:
     src: vhost.conf.jj

templates/vhost.conf.jj

@@ -8,7 +8,7 @@
    DocumentRoot {{ apache_document_root }}
    <Directory {{ apache_document_root }}>
       require all granted
-      Options -indexes
+      Options +indexes
    </Directory>
    {%if apache_use_ssl %}
    RewriteEngine on