56 lines
1.4 KiB
YAML
56 lines
1.4 KiB
YAML
---
|
|
- name: install certbot
|
|
package:
|
|
name:
|
|
- certbot
|
|
- mod_ssl
|
|
|
|
state: present
|
|
|
|
- name: install apache config file without ssl
|
|
vars:
|
|
apache_use_ssl: false
|
|
template:
|
|
src: vhost.conf.jj
|
|
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
|
|
mode: 0644
|
|
notify: restart apache
|
|
register: result
|
|
|
|
# cant use meta / flush handlers in conditionnals
|
|
- name: if needed, we restart apache
|
|
service:
|
|
name: httpd
|
|
state: restarted
|
|
when: result.changed
|
|
|
|
- name: generate certificates for domaine and subdomains
|
|
vars:
|
|
subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
|
|
command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
|
|
args:
|
|
creates: "{{ apache_ssl_chain }}"
|
|
when: apache_server_alias is defined
|
|
|
|
- name: generate certificates
|
|
command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
|
|
args:
|
|
creates: "{{ apache_ssl_chain }}"
|
|
when: apache_server_alias is not defined
|
|
|
|
- name: deploy ssl config file
|
|
template:
|
|
src: ssl.conf
|
|
dest: /etc/httpd/conf.d
|
|
notify: restart apache
|
|
|
|
- name: create cronjob for renewal
|
|
cron:
|
|
name: certbot
|
|
cron_file: certbot
|
|
user: root
|
|
hour: "01"
|
|
minute: "00"
|
|
weekday: "6"
|
|
job: "/usr/bin/certbot renew"
|