Commit 86b7acad authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

certbot certificate running

parent cee79652
......@@ -11,15 +11,21 @@
stat:
path: "/etc/letsencrypt/live/{{ apache_vhosts[0].servername }}/cert.pem"
register: "letsencrypt_cert"
- name: "register a list of aliases to add to SSL"
set_fact:
ssl_alias: "{{ [ apache_vhosts[0].serveralias | default('deleteme'), apache_vhosts[0].certalias | default('deleteme') ] | reject('equalto','deleteme') | list }}"
- name: "debug"
debug:
msg: "{{ ssl_alias }}"
- name: "copy config used by certbot to server"
template:
backup: true
src: "temp.conf.j2"
dest: "/etc/httpd/conf.d/temp.conf"
when: "not letsencrypt_cert.stat.exists"
when: "not letsencrypt_cert.stat.exists or apache_vhosts[0].ssl_force | default(false) | bool"
vars:
test_servername: "{{ apache_vhosts[0].servername }}"
test_alias: "{{ ssl_alias }}"
become: true
- name: "install {{ certbot_packages }}"
......@@ -31,11 +37,12 @@
- name: "start httpd"
systemd:
name: "httpd"
state: "started"
state: "restarted"
become: true
when: "apache_vhosts[0].ssl_force | default(false) | bool"
- name: "run command to get certificate"
command: "certbot --apache certonly {{ certbot_ssl_dry_run }} --non-interactive --agree-tos --email {{ item.serveradmin }} -d {%if item.serveralias is defined %} {{ [item.servername, item.serveralias , item.certalias | default(omit) ] | join(',') }} {% else %} {{ item.servername }} {% endif %}" # noqa 204
command: "certbot --apache certonly {{ certbot_ssl_dry_run }} --non-interactive --agree-tos --email {{ item.serveradmin }} -d {{ item.servername }}{%if item.serveralias is defined or item.certalias is defined %},{{ ssl_alias | join(',') }} {% if item.ssl_force %}--expand{%endif %} {% else %} {{ item.servername }} {% endif %}" # noqa 204
with_items: "{{ apache_vhosts }}"
become: true
when: "(apache_certbot and not letsencrypt_cert.stat.exists and item.ssl is defined and item.ssl | bool) or (item.ssl_force | default(false) | bool and (item.ssl_type is undefined or item.ssl_type == 'certbot'))"
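Review bot: The `--expand` flag in the rewritten certbot command is gated on `{% if item.ssl_force %}` with no default, while the `when` on the next line guards the same key with `| default(false) | bool`; Ansible's undefined is strict, so a vhost that omits `ssl_force` will most likely fail the template with an undefined-attribute error rather than silently skip the flag — use `{% if item.ssl_force | default(false) | bool %}--expand{% endif %}`. The `-d` list is also built from `ssl_alias`, which the first hunk derives from `apache_vhosts[0]` only, yet the task loops over every vhost, so a second vhost with `ssl: true` would request a certificate for its own name plus the first vhost's aliases and store it under its own `/etc/letsencrypt/live/<name>/` lineage, which the vhost template no longer reads; either restrict the loop to the first vhost or compute the alias list per item. With `ssl_force` set, the `when` no longer consults `letsencrypt_cert.stat.exists`, so every playbook run re-issues the certificate unless `certbot_ssl_dry_run` is set — Let's Encrypt enforces duplicate-certificate rate limits, so consider adding `--keep-until-expiring` next to `--expand`, or clearing `ssl_force` after a successful run. In the first hunk, the `'deleteme'` sentinel in `ssl_alias` can be replaced by the truthiness idiom `[ apache_vhosts[0].serveralias | default(''), apache_vhosts[0].certalias | default('') ] | select | list`, and the `debug` task that prints it should be dropped or given `verbosity: 1` before this merges; if `serveralias` can be a list rather than a string, the nested list would also break the `join(',')` here — I cannot tell from these hunks.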
......
<VirtualHost *:80>
ServerName {{ test_servername }}
{% for alias in test_alias %}
ServerAlias {{ alias }}
{% endfor %}
</VirtualHost>
......@@ -10,7 +10,13 @@
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
{% set letsencrypt_vhost_path = '/etc/letsencrypt/live/' + vhost.servername + '/' %}
{% if vhost.servername != apache_vhosts[0].servername %}
{% set key_servername = apache_vhosts[0].servername %}
{% else %}
{% set key_servername = vhost.servername %}
{% endif %}
{% set letsencrypt_vhost_path = '/etc/letsencrypt/live/' + key_servername + '/' %}
{% set default_cert_file = letsencrypt_vhost_path + 'cert.pem' %}
{% set default_cert_key = letsencrypt_vhost_path + 'privkey.pem' %}
{% set default_chain_file = letsencrypt_vhost_path + 'chain.pem' %}
......@@ -38,9 +44,9 @@
SSLOptions +StrictRequire
SSLCompression off
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.pem') }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhost.servername + '.pem') }}
SSLCertificateChainFile {{vhost.certificate_chain_file | default('/etc/pki/tls/certs/' + vhost.servername + '.chain.pem') }}
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ key_servername + '.pem') }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + key_servername + '.pem') }}
SSLCertificateChainFile {{vhost.certificate_chain_file | default('/etc/pki/tls/certs/' + key_servername + '.chain.pem') }}
{% endif %}
{% if vhost.serveradmin is defined %}
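Review bot: Both branches of the new `key_servername` conditional assign the same value — `apache_vhosts[0].servername` when the names differ and `vhost.servername` when they are equal — so the if/else is dead logic and can be collapsed to `{% set key_servername = apache_vhosts[0].servername %}` with a comment stating the intent, e.g. `{# every vhost serves the first vhost's certificate; secondary names must be SANs of it (serveralias/certalias on apache_vhosts[0]) #}`. The security consequence should be spelled out: every SSL vhost now serves the first vhost's certificate and private key, both for the letsencrypt defaults here and for the `/etc/pki/tls` defaults in the second hunk, so any vhost whose name is not a SAN of that certificate will fail hostname validation in clients, and a vhost with a non-certbot `ssl_type` (referenced in the tasks file) now has to set `certificate_file`/`certificate_key_file` explicitly to get its own material. If a single shared certificate is the intended design, an `assert` task checking that each `ssl`-enabled vhost's servername appears in the first vhost's alias list would catch the mismatch before httpd is restarted; I cannot see from these hunks whether such a check exists. The enclosing template continues past this hunk.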
......