# single domain
# Base directory for the DigiCert/UiB certificate material. The directory,
# private-key and CSR tasks below all build their paths from this fact.
- name: "set fact for folder for digicert"
  set_fact:
    apache_digicert_uib_home: "/etc/digicert-uib"
    
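# Create the root-owned directories used by the tasks in this file.
# csr/ is listed because the CSR task writes to
# "{{ apache_digicert_uib_home }}/csr/" and no other visible task creates it;
# the module is not expected to create a missing parent directory itself.
- name: "create digicert-uib-folder"
  file:
    path: "{{ item }}"
    state: "directory"
    owner: "root"
    group: "root"
    # No access for "other": the archive tree below holds private keys.
    mode: "0550"
  loop:
    - "{{ apache_digicert_uib_home }}"
    - "{{ apache_digicert_uib_home }}/archive"
    - "{{ apache_digicert_uib_home }}/csr"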
  
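# Create one archive directory per vhost that uses the 'uib' certificate type.
# item.servername is interpolated into a filesystem path; it is assumed to be
# a plain hostname coming from inventory (verify where apache_vhosts is set).
- name: "create directory for vhosts"
  file:
    path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}"
    state: "directory"
    owner: "root"
    group: "root"
    # The private key for the vhost is written here, so keep "other" at 0.
    mode: "0550"
  loop: "{{ apache_vhosts }}"
  # default('certbot') matches the key and CSR tasks below: a vhost without
  # ssl_type is skipped instead of failing on an undefined attribute.
  when: "item.ssl_type | default('certbot') == 'uib'"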

# Record stat information for the archive directory.
# NOTE(review): the registered name is spelled "apace_..." rather than
# "apache_..."; nothing in the visible part of this file reads it, so check
# for consumers elsewhere before renaming.
- name: "stat archive"
  stat:
    path: "{{ apache_digicert_uib_home }}/archive"
  register: apace_digicert_archive

# Ask the operator to confirm a certificate renewal. The prompt is shown only
# when apache_digicert_renew is truthy; an undefined value counts as false.
# The typed answer is registered (pause exposes it as .user_input).
# NOTE(review): no task visible in this file checks that answer, so the
# confirmation does not gate anything yet.
- name: 'prompt for renew'
  when: 'apache_digicert_renew | default(false) | bool'
  pause:
    prompt: 'Confirm that you want to renew your digicert certificate (y/n)'
  register: 'apache_digicert_confirm_renew'


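# Generate a private key for every vhost that uses the 'uib' certificate type.
# An existing key at the same path with the same parameters is left in place.
- name: "generate ssl private key"
  openssl_privatekey:
    path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
    # backup keeps a timestamped copy of a replaced key next to the new one;
    # those copies are private keys too and need the same protection and
    # eventual clean-up.
    backup: true
    # Key size in bits; no key type is set, so the module default applies.
    size: 2048
    # Stated explicitly so the key file never depends on module defaults
    # or the umask of the run.
    owner: "root"
    group: "root"
    mode: "0600"
  loop: "{{ apache_vhosts }}"
  # Vhosts without ssl_type are treated as 'certbot' and skipped here.
  when: "item.ssl_type | default('certbot') == 'uib'"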

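# Build a certificate signing request for every vhost that uses the 'uib'
# certificate type. The csr/ directory under apache_digicert_uib_home must
# exist before this task runs.
- name: "generate an OpenSSL Certificate Signin request"
  openssl_csr:
    backup: true
    path: "{{ apache_digicert_uib_home }}/csr/{{ item.servername }}.csr"
    # Sign the request with the key generated by the private-key task above.
    # NOTE(review): this previously pointed at
    # /etc/pki/tls/<servername>.pem, which no task in this file creates;
    # confirm that no separately managed key was intended.
    privatekey_path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
    # Quoted on purpose: a bare NO would be read as a boolean.
    country_name: "NO"
    # organizational_unit_name is the module's parameter for the OU field;
    # "organization_unit" is not an accepted option name.
    organizational_unit_name: "Universitetet_i_Bergen"
    common_name: "{{ item.servername }}"
    # NOTE(review): no subject_alt_name is requested; confirm that the CA
    # adds the SAN entry for the server name when issuing.
  loop: "{{ apache_vhosts }}"
  # Vhosts without ssl_type are treated as 'certbot' and skipped here.
  when: "item.ssl_type | default('certbot') == 'uib'"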

#- name: "get certificate url from ITA"
#  prompt_vars: 
  #  get_url:
    
# @todo multiple domains