--- - name: Install dehydrated client yum: name: - dehydrated - python2-dns-lexicon when: ansible_os_family == 'RedHat' - name: Install dependencies apt: name: - python-pip - python-setuptools - curl when: ansible_os_family == 'Debian' - name: Create needed directories file: path={{ item }} state=directory with_items: - /etc/dehydrated - /var/lib/dehydrated/certificates - /var/lib/dehydrated/challenges - name: Install dehydrated get_url: url: "{{ item.url }}" dest: "{{ item.dest }}" mode: 755 force: True environment: - https_proxy: "{{ system_proxy | default('') }}" with_items: - url: https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated dest: /usr/local/bin/dehydrated - url: https://git.fws.fr/fws/dehydrated/raw/branch/master/dehydrated_hooks dest: /usr/local/bin/dehydrated_hooks when: ansible_os_family == 'Debian' - name: Install lexicon pip: name=dns-lexicon state=latest environment: - https_proxy: "{{ system_proxy | default('') }}" when: ansible_os_family == 'Debian' - name: Create hook directories file: path=/etc/dehydrated/hooks_{{ item }}.d state=directory loop: - clean_challenge - deploy_cert - deploy_challenge - unchanged_cert - invalid_challenge - request_failure - generate_csr - startup_hook - exit_hook - name: Deploy default hooks copy: content={{ letsencrypt_hooks[item] }} dest=/etc/dehydrated/hooks_{{ item }}.d/00-default mode=755 loop: - clean_challenge - deploy_cert - deploy_challenge - unchanged_cert - invalid_challenge - request_failure - generate_csr - startup_hook - exit_hook - name: Remove obsolete gandi_live backend # merged with gandi now file: path=/usr/lib/python2.7/site-packages/lexicon/providers/{{ item }} state=absent loop: - gandi_live.py - gandi_live.pyc - name: Deploy lexicon hooks template: src=dns-lexicon-{{ item }}.j2 dest=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon mode=755 with_items: - deploy_challenge - clean_challenge when: - letsencrypt_challenge == 'dns' - letsencrypt_dns_provider is defined - letsencrypt_dns_auth_token is defined - name: Remove lexicon hooks file: path=/etc/dehydrated/hooks_{{ item }}.d/dns-lexicon state=absent with_items: - deploy_challenge - clean_challenge when: letsencrypt_challenge != 'dns' or letsencrypt_dns_provider is not defined or letsencrypt_dns_auth_token is not defined - name: Deploy dehydrated configuration template: src={{ item.src }} dest={{item.dest }} mode={{ item.mode | default('644') }} with_items: - src: config.j2 dest: /etc/dehydrated/config mode: 600 - src: domains.txt.j2 dest: /etc/dehydrated/domains.txt - src: cron.j2 dest: /etc/cron.daily/dehydrated mode: 755 notify: renew dehydrated - name: Create httpd conf dir file: path=/etc/httpd/ansible_conf.d state=directory when: ansible_os_family == 'RedHat' - name: Deploy dehydrated config for apache copy: src={{ item.src }} dest={{ item.dest }} with_items: - src: httpd_dehydrated.conf dest: /etc/httpd/ansible_conf.d/10-dehydrated.conf - src: common_letsencrypt.inc dest: /etc/httpd/ansible_conf.d/common_letsencrypt.inc register: letsencrypt_httpd_conf when: ansible_os_family == 'RedHat' - name: Check if Apache httpd is installed stat: path=/lib/systemd/system/httpd.service register: letsencrypt_httpd when: ansible_os_family == 'RedHat' - name: Reload httpd config service: name=httpd state=reloaded when: - letsencrypt_httpd_conf.changed - letsencrypt_httpd.stat.exists - ansible_os_family == 'RedHat' - name: Register on Let's Encrypt command: dehydrated --register --accept-terms changed_when: False environment: - https_proxy: "{{ system_proxy | default('') }}" ...