Update to 2021-05-26 17:00

roles/letsencrypt/defaults/main.yml

@@ -17,6 +17,7 @@ letsencrypt_challenge: http
 # letsencrypt_dns_provider_options: '--api-protocol=rest'
 # letsencrypt_dns_auth_token: XXXX
 #
+letsencrypt_certs: []
 # letsencrypt_certs:
 #   - common_name: www.domain.org
 #     alt_names:
@@ -27,6 +28,10 @@ letsencrypt_challenge: http
 #   - common_name: ldap.domain.com
 #     alt_names:
 #       - directory.domain.com
+#     config:
+#       CHALLENGETYPE: http-01
+#       RENEW_DAYS: 20
+#       KEYSIZE: 3072
 
 letsencrypt_base_hooks:
   clean_challenge: |

roles/letsencrypt/tasks/main.yml

@@ -56,6 +56,10 @@
     - exit_hook
   tags: web,ssl
 
+- name: Create per cert configuration dir
+  file: path=/etc/dehydrated/certificates state=directory
+  tags: web,ssl
+
 - name: Deploy default hooks
   copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755
   loop:
@@ -110,6 +114,12 @@
   notify: renew dehydrated
   tags: web,ssl
 
+- name: Deploy per certificate config
+  template: src=cert_config.j2 dest=/etc/dehydrated/certificates/{{ item.common_name }} mode=600
+  loop: "{{ letsencrypt_certs }}"
+  notify: renew dehydrated
+  tags: web,ssl
+
 - name: Create httpd conf dir
   file: path=/etc/httpd/ansible_conf.d state=directory
   when: ansible_os_family == 'RedHat'

roles/letsencrypt/templates/cert_config.j2

@@ -0,0 +1,5 @@
+{% if item.config is defined and item.config is mapping %}
+{% for key in item.config.keys() | list %}
+{{ key }}={{ item.config[key] }}
+{% endfor %}
+{% endif %}

roles/letsencrypt/templates/config.j2

@@ -4,6 +4,7 @@ CA={{ letsencrypt_ca }}
 IP_VERSION=4
 BASEDIR=/var/lib/dehydrated/certificates
 DOMAINS_TXT=/etc/dehydrated/domains.txt
+DOMAINS_D=/etc/dehydrated/certificates
 WELLKNOWN=/var/lib/dehydrated/challenges
 KEYSIZE="{{ letsencrypt_key_size | default('4096') }}"
 HOOK=/usr/{{ (ansible_os_family == 'Debian') | ternary('local/','') }}bin/dehydrated_hooks