Update to 2021-05-26 17:00

master
Daniel Berteaud 4 years ago
parent f868a0bda8
commit 478bd6a3b6
  1. 5
      roles/letsencrypt/defaults/main.yml
  2. 10
      roles/letsencrypt/tasks/main.yml
  3. 5
      roles/letsencrypt/templates/cert_config.j2
  4. 1
      roles/letsencrypt/templates/config.j2

@ -17,6 +17,7 @@ letsencrypt_challenge: http
# letsencrypt_dns_provider_options: '--api-protocol=rest'
# letsencrypt_dns_auth_token: XXXX
#
letsencrypt_certs: []
# letsencrypt_certs:
# - common_name: www.domain.org
# alt_names:
@ -27,6 +28,10 @@ letsencrypt_challenge: http
# - common_name: ldap.domain.com
# alt_names:
# - directory.domain.com
# config:
# CHALLENGETYPE: http-01
# RENEW_DAYS: 20
# KEYSIZE: 3072
letsencrypt_base_hooks:
clean_challenge: |

@ -56,6 +56,10 @@
- exit_hook
tags: web,ssl
- name: Create per cert configuration dir
file: path=/etc/dehydrated/certificates state=directory
tags: web,ssl
- name: Deploy default hooks
copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755
loop:
@ -110,6 +114,12 @@
notify: renew dehydrated
tags: web,ssl
- name: Deploy per certificate config
template: src=cert_config.j2 dest=/etc/dehydrated/certificates/{{ item.common_name }} mode=600
loop: "{{ letsencrypt_certs }}"
notify: renew dehydrated
tags: web,ssl
- name: Create httpd conf dir
file: path=/etc/httpd/ansible_conf.d state=directory
when: ansible_os_family == 'RedHat'

@ -0,0 +1,5 @@
{% if item.config is defined and item.config is mapping %}
{% for key in item.config.keys() | list %}
{{ key }}={{ item.config[key] }}
{% endfor %}
{% endif %}

@ -4,6 +4,7 @@ CA={{ letsencrypt_ca }}
IP_VERSION=4
BASEDIR=/var/lib/dehydrated/certificates
DOMAINS_TXT=/etc/dehydrated/domains.txt
DOMAINS_D=/etc/dehydrated/certificates
WELLKNOWN=/var/lib/dehydrated/challenges
KEYSIZE="{{ letsencrypt_key_size | default('4096') }}"
HOOK=/usr/{{ (ansible_os_family == 'Debian') | ternary('local/','') }}bin/dehydrated_hooks

Loading…
Cancel
Save