Commit d6ba9d4a authored by fedora Cloud User's avatar fedora Cloud User

use apache_digicert_renew to force download of new certificates if they are set

parent 0f3cbd71
......@@ -10,10 +10,6 @@
set_fact:
ssl_alias: "{{ [ apache_vhosts[0].serveralias | default('deleteme'), apache_vhosts[0].certalias | default('deleteme') ] | reject('equalto','deleteme') | list }}"
- name: "debug"
debug:
msg: "{{ ssl_alias }}"
- name: "install package for mod_ssl"
package:
name: "mod_ssl"
......@@ -78,7 +74,7 @@
to: "{{ apache_cert_vhost.serveradmin }}"
host: "{{ apache_mail_host | default(omit) }}"
attach:
- "{{ apache_digicert_uib_csr}}/{{ apache_cert_vhost.servername }}.csr"
- "{{ apache_digicert_uib_csr }}/{{ apache_cert_vhost.servername }}.csr"
body: |
Ønsker å bestille SSL sertifikat.
......@@ -96,40 +92,32 @@
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{apache_cert_vhost.servername }}.pem"
dest: "/etc/pki/tls/private/{{ apache_cert_vhost.servername }}.pem"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib'"
- name: "set fact for uib renewal"
set_fact:
uib_renew_ssl: "{{ apache_digicert_renew | default(false) }}"
- name: "Get certificate with certificate only"
get_url:
url: "{{ apache_cert_vhost.certificate_only_url }}"
force: "{{ uib_renew_ssl }}"
setype: "cert_t"
dest: "{{ apache_digicert_uib_archive }}//{{ apache_cert_vhost.servername }}/cert.cer"
backup: "yes"
backup: "{{ uib_renew_ssl }}"
mode: "0444"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_only_url is defined"
- name: "Get intermediate certs only"
get_url:
force: "{{ uib_renew_ssl }}"
url: "{{ apache_cert_vhost.certificate_interm_only_url }}"
setype: "cert_t"
dest: "{{ apache_digicert_uib_archive }}//{{ apache_cert_vhost.servername }}/cert_interm.cer"
backup: "yes"
backup: "{{ uib_renew_ssl }}"
mode: "0444"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_interm_only_url is defined"
#- name: "concat cert and intermediate"
# loop: "{{ apache_vhosts }}"
# shell: cat cert.cet cert_interm.cer >> cert.pem
# chdir: "{{ apache_digicert_uib_archive }}//{{ item.servername }}"
# url: "{{ item.certificate_interm_only_url }}"
# setype: "cert_t"
# dest: "{{ apache_digicert_uib_archive }}//{{ item.servername }}/cert_interm.cer"
# backup: "yes"
# mode: "0444"
# when: "item.ssl_type | default('certbot')== 'uib'"
# creates: "{ apache_digicert_uib_archive }}//{{ item.servername }}/cert.pem"
- name: "Create symlinks for certificates to /etc/pki/"
file:
state: "link"
......@@ -152,21 +140,9 @@
group: root
mode: 0644
backup: true
# validate: "apachectl configtest"
notify: restart apache
when: "item.ssl_type | default('certbot')== 'uib'"
loop: "{{ apache_vhosts }}"
vars:
current_vhost: "{{ item.servername }}"
become: true
#- name: "get certificate url from ITA"
#
# prompt_vars:
# get_url:
#SSLCertificateFile /etc/pki/tls/certs/domene.uib.no.crt
#SSLCertificateKeyFile /etc/pki/tls/private/domene.uib.no.key
# SSLCertificateChainFile /etc/pki/tls/certs/digicertca2.uib.no.crt
# @todo multiple domains
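Review bot: In the "Get certificate with certificate only" and "Get intermediate certs only" tasks, `force: "{{ uib_renew_ssl }}"` now rewrites cert.cer and cert_interm.cer on a renewal run, but neither get_url task carries a `notify`, whereas the config template task further down does (`notify: restart apache`). The symlinks in /etc/pki/tls created later point at the same paths, so they do not change either, and a running httpd would keep serving the previous certificate until something unrelated restarts it — unless a task outside this diff handles that. Adding `notify: restart apache` to both get_url tasks would tie the forced download to the existing handler. As a nit, `backup: "{{ uib_renew_ssl }}"` and `force` carry the same value by construction; a short comment such as `# backup only matters when force rewrites an existing cert` would make that intent explicit, and the `//` in the `dest` paths could be reduced to a single slash while touching these lines.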