---
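- name: Install dependencies
  become: true
  # oathtool: presumably needed by the acme.sh DNS hook that consumes the
  # INWX_Shared_Secret (TOTP) exported in "Issue certificates" — confirm.
  apt:
    pkg:
      - oathtool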
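- name: Determine if acme.sh is installed
  become: true
  # Under become, "~" is the privileged user's home, so this probes root's
  # ~/.acme.sh. The install and upgrade tasks below branch on this result.
  stat:
    path: "~/.acme.sh/acme.sh"
  register: is_acme_sh_installed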
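- name: Get acme.sh Installer
  become: true
  # The script fetched here is executed as root by the next task, and
  # nothing beyond the TLS connection is verified. Pin the installer with
  # get_url's checksum option (checksum: "sha256:<installer-hash>") or
  # install a tagged release instead, so a tampered download cannot run.
  get_url:
    url: https://get.acme.sh
    dest: /tmp/acme.sh
    mode: "0700"
  when: not is_acme_sh_installed.stat.exists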
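- name: Install acme.sh
  become: true
  # argv keeps "email=<value>" a single argument even if acme_email contains
  # whitespace or quote characters, which the whitespace-split string form
  # would break apart. The command module does not go through a shell, so
  # the value is never shell-interpreted in either form.
  command:
    argv:
      - sh
      - /tmp/acme.sh
      - "email={{ acme_email }}"
  when: not is_acme_sh_installed.stat.exists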
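- name: Upgrade acme.sh
  become: true
  command:
    cmd: ./acme.sh --upgrade
    chdir: ~/.acme.sh
  when: is_acme_sh_installed.stat.exists
  register: upgrade_result
  # The change signal comes from acme.sh's own messages, not from rc alone:
  # "changed" only when an upgrade was reported and it was not already
  # current. These strings are tied to acme.sh's output and may drift.
  changed_when: >-
    upgrade_result.rc == 0
    and "Upgrade success" in upgrade_result.stdout
    and "Already uptodate" not in upgrade_result.stdout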
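- name: Issue certificates
  become: true
  command:
    # The single-quoted wildcard survives the command module's whitespace
    # split as one argument; no shell runs, so '*' is not globbed.
    cmd: ./acme.sh --issue -d {{ item.name }} -d '*.{{ item.name }}' --dns dns_{{ item.dns_provider }}
    chdir: ~/.acme.sh
  # Provider credentials reach acme.sh through the environment, not the
  # command line, so the registered cmd carries no secret. Every provider's
  # secret is exported for every domain regardless of item.dns_provider;
  # restrict them per provider if the variables differ in sensitivity.
  environment:
    INWX_User: gkrause
    INWX_Password: "{{ inwx_pass }}"
    INWX_Shared_Secret: "{{ inwx_shared }}"
    GANDI_LIVEDNS_KEY: "{{ gandi_livedns_key }}"
  loop: "{{ domains }}"
  register: cert_result
  changed_when: cert_result.rc == 0 and "Cert success." in cert_result.stdout
  # A list here is AND-ed: the task fails only when the output shows neither
  # an unchanged domain nor a fresh issuance. rc is not part of this test,
  # so a non-zero exit that still prints one of these strings passes.
  failed_when:
    - "'Domains not changed' not in cert_result.stdout"
    - "'Cert success.' not in cert_result.stdout"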
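- name: Make sure certs dir exists
  become: true
  # "Install certificates" later places key.pem and cert.pem in here. With
  # the directory world-readable (0755), key confidentiality rests entirely
  # on the mode acme.sh gives the key file — confirm what --install-cert sets.
  file:
    path: "{{ certs_dir }}/{{ item.name }}"
    state: directory
    mode: "0755"
  loop: "{{ domains }}"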
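- name: Place nginx reload command to cert reload script
  become: true
  # This file is what "Install certificates" passes as --reloadcmd, so it
  # runs with acme.sh's (root) privileges; hence root-only 0700. It has no
  # shebang line — execution presumably relies on the invoking shell's
  # fallback to /bin/sh; add one (e.g. via insertbefore: BOF) if that fails.
  lineinfile:
    path: "/usr/local/bin/cert_reload_{{ item.name }}.sh"
    line: "systemctl reload nginx"
    create: true
    owner: root
    group: root
    mode: "0700"
  loop: "{{ domains }}"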
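- name: Install certificates
  become: true
  command:
    cmd: ./acme.sh --install-cert -d "{{ item.name }}" --key-file "{{ certs_dir }}/{{ item.name }}/key.pem" --fullchain-file "{{ certs_dir }}/{{ item.name }}/cert.pem" --reloadcmd "/usr/local/bin/cert_reload_{{ item.name }}.sh"
    chdir: ~/.acme.sh
  loop: "{{ domains }}"
  loop_control:
    index_var: domains_index
  register: install_cert_result
  # Reports "changed" exactly when the matching "Issue certificates"
  # iteration did; this depends on both tasks looping over the same
  # domains list in the same order.
  changed_when: cert_result.results[domains_index].changed
  # A failing reload command is exempted from failure (presumably so the
  # play survives before nginx is running); such errors then surface only
  # in stderr, so they need to be watched for separately.
  failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr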