From 6f6916136e1d218d87fd8ea2d39c7f2dc573b51a Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Sun, 10 May 2020 01:04:08 +0200 Subject: [PATCH] apache_vhost: now able to create certificates using certbot --- tasks/certbot.yml | 20 ++++++++++++++++---- tasks/main.yml | 3 ++- templates/vhost.conf.jj | 6 ++++++ 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/tasks/certbot.yml b/tasks/certbot.yml index ffc5718..f8eb566 100644 --- a/tasks/certbot.yml +++ b/tasks/certbot.yml @@ -12,16 +12,28 @@ dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf mode: 0644 notify: restart apache + register: result +# cant use meta / flush handlers in conditionnals - name: if needed, we restart apache - meta: flush_handlers + service: + name: httpd + state: restarted + when: result.changed -- name: generate certificates +- name: generate certificates for domaine and subdomains vars: - subdomains: "{{ apache_server_alias | join( ' -d ' ) }}" - command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ subdomains }} + subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}" + command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }} args: creates: "{{ apache_ssl_chain }}" + when: apache_server_alias is defined + +- name: generate certificates + command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} + args: + creates: "{{ apache_ssl_chain }}" + when: apache_server_alias is not defined - name: create cronjob for renewal cron: diff --git a/tasks/main.yml b/tasks/main.yml index 22f46ce..fced829 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -32,8 +32,9 @@ - "{{ apache_base_dir }}/wsdlcache" - name: generate cert - include_tasks: certbot.yml + import_tasks: certbot.yml when: apache_use_certbot + tags: certbot,ssl - name: vhost config file template: 
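Review bot: The `when: apache_server_alias is defined` guard on the first "generate certificates" task also passes for an empty list, in which case `subdomains` renders as a bare `-d ` and certbot is called with a dangling option; test the content instead, e.g. `when: apache_server_alias | default([]) | length > 0`, with the negated test on the second task. Both tasks interpolate `apache_server_name`, `apache_document_root` and the aliases into a free-form `command:` string that is split into arguments after templating, so a value containing whitespace or starting with `-` becomes extra certbot arguments; the module's `argv:` list form keeps each value a single argument. Because `creates: "{{ apache_ssl_chain }}"` skips the task once a chain file exists, aliases added later will presumably not be covered by the certificate unless that is handled elsewhere. `notify: restart apache` is still present in the context above `register: result`, so a changed config appears to restart httpd twice, once in the new `service:` task and once when handlers flush.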
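Review bot: `tags: certbot,ssl` on the "generate cert" task relies on Ansible splitting a comma-separated string; the list form `tags: [certbot, ssl]` states the intent directly. With `import_tasks`, the `when: apache_use_certbot` condition and both tags are copied onto every task in certbot.yml, so each per-task `when:` there is combined with it. A short comment such as `# static import: when/tags are applied to each task in certbot.yml` would record why `include_tasks` was dropped.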
diff --git a/templates/vhost.conf.jj b/templates/vhost.conf.jj index 97e227d..f65436b 100644 --- a/templates/vhost.conf.jj +++ b/templates/vhost.conf.jj @@ -1,8 +1,10 @@ Servername {{ apache_server_name }} + {% if apache_server_alias is defined %} {%for alias in apache_server_alias %} ServerAlias {{ alias }} {%endfor%} + {%endif%} DocumentRoot {{ apache_document_root }} require all granted @@ -19,9 +21,11 @@ {%if apache_use_ssl %} Servername {{ apache_server_name }} + {% if apache_server_alias is defined %} {%for alias in apache_server_alias %} ServerAlias {{ alias }} {%endfor%} + {%endif%} DocumentRoot {{ apache_document_root }} SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 @@ -36,8 +40,10 @@ Options +Indexes AllowOverride {{ apache_allowoverride }} + {%if apache_use_php %} SetHandler "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/" + {% endif %} {%endif %} \ No newline at end of file
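Review bot: The `{% if apache_server_alias is defined %}` wrapper around the alias loop (in this hunk and again in the SSL vhost hunk at -19,9) can be folded into the loop itself as `{%for alias in apache_server_alias | default([]) %}`, which removes the extra block and any whitespace-only lines the added tags may leave in the rendered config. The tag spacing is mixed (`{% if`, `{%for`, `{%endif%}`); one form throughout would read better. This guard renders nothing for an empty list, whereas the `is defined` guard in tasks/certbot.yml still builds a `-d` argument for one, so the two are worth aligning.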
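Review bot: `{%if apache_use_php %}` around the `SetHandler` line in the last hunk would presumably fail template rendering when the variable is unset, unless the role's defaults define it (not visible here); `{%if apache_use_php | default(false) %}` makes the PHP handler explicitly opt-in. The context line `Options +Indexes` just above leaves directory listings enabled for this block; if that is not intended for the served tree, `Options -Indexes` is the safer default. The enclosing container starts outside the hunk, so its scope should be confirmed against the full template.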