# Base certbot plus the DNS-01 challenge plugin chosen by certbot_dns_plugin
# (Arch package name "certbot-dns-<plugin>"). Only runs on Archlinux hosts.
# NOTE(review): update_cache is a pacman -Sy (index refresh only); on Arch,
# installing against a freshly refreshed index without a full -Syu can leave
# the host partially upgraded — confirm hosts are kept current elsewhere.
- name: Install certbot package (Archlinux)
  when: ansible_facts['os_family'] == "Archlinux"
  community.general.pacman:
    update_cache: true
    state: present
    name:
      - certbot
      - "certbot-dns-{{ certbot_dns_plugin }}"
# certbot-nginx provides certbot's nginx installer/authenticator plugin; it is
# only pulled in when nginx is the configured front-end webserver.
# NOTE(review): the request task in this file uses `certonly` with the DNS
# plugin, so nothing visible here invokes the nginx plugin — presumably a
# handler or cli.ini relies on it; verify it is actually needed.
- name: Install certbot webserver plugin (Archlinux)
  when: ansible_facts['os_family'] == "Archlinux" and certbot_webserver_type == 'nginx'
  community.general.pacman:
    update_cache: true
    state: present
    name: certbot-nginx
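# Credentials file consumed by the certbot DNS plugin (for rfc2136 this is the
# TSIG key that authorizes dynamic DNS updates, so it is a real secret).
# Root-owned 0600: certbot complains about group/world-readable credentials
# files, and anyone who can read the TSIG key can rewrite the zone.
# NOTE(review): the "Request and install certificates" task always passes
# --dns-<plugin>-credentials pointing at this path, but this task only renders
# the file for rfc2136 — any other plugin needs its own template or a wider
# condition here; verify against the role's templates directory.
- name: Template out the rfc2136 credentials file
  when: certbot_dns_plugin == 'rfc2136'
  # The rendered content contains the secret; without this, running the play
  # with --diff or -v prints the TSIG key into the Ansible output/logs.
  no_log: true
  ansible.builtin.template:
    src: "{{ certbot_dns_plugin }}.conf.j2"
    dest: "/etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
    owner: root
    group: root
    mode: '0600'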
# Global certbot defaults at certbot's default config path, picked up by every
# invocation (the request task below and the renewal timer alike).
# Deliberately world-readable (0644): nothing secret belongs in cli.ini — DNS
# credentials live in the separate 0600 file templated above.
- name: Template out the certbot default config
  ansible.builtin.template:
    dest: /etc/letsencrypt/cli.ini
    src: cli.ini.j2
    mode: '0644'
    owner: root
    group: root
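# Obtain one certificate per entry in certbot_domains using the DNS-01
# challenge. `creates` keeps the task idempotent: certbot only runs while the
# lineage's fullchain.pem is absent; renewals are left to the systemd timer.
# argv (not a shell string) means a domain entry is passed as a single
# argument and cannot inject shell metacharacters.
# NOTE(review): certbot stores a wildcard entry ("*.example.com") under a
# lineage name without the "*." prefix, so `creates` would not match and the
# command would re-run on every play — confirm if wildcards are in scope.
- name: Request and install certificates
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -n  # non-interactive; email/agree-tos presumably come from cli.ini — verify
      - "--dns-{{ certbot_dns_plugin }}"
      - "--dns-{{ certbot_dns_plugin }}-credentials"
      - "/etc/letsencrypt/{{ certbot_dns_plugin }}.conf"
      # Every certbot DNS plugin registers --dns-<plugin>-propagation-seconds.
      # This flag was previously hard-coded to rfc2136, so with any other
      # plugin (and only that plugin's package installed) certbot rejected the
      # unrecognized argument. The variable keeps its historical name so
      # existing inventories continue to work.
      - "--dns-{{ certbot_dns_plugin }}-propagation-seconds"
      - "{{ certbot_rfc2136_propagation_seconds | default(5) }}"
      - -d
      - "{{ item }}"
    creates: "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  loop: "{{ certbot_domains }}"
  notify: "{{ certbot_notify }}"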
# Start and persist the certbot-renew.timer unit (expected to come with the
# certbot package) so `certbot renew` runs periodically for the lineages
# created above.
# NOTE(review): a timer-driven renewal does not trigger the Ansible handlers
# in certbot_notify; unless cli.ini sets a deploy-hook that reloads the
# webserver, the old certificate stays in service after renewal — verify.
- name: Enable certbot renewal
  ansible.builtin.service:
    name: certbot-renew.timer
    enabled: true
    state: started