main.yml 3.30 KiB
---
# Install the certbot client from the host's package repositories.
# install_recommends: false skips recommended packages, keeping the installed
# footprint small. force_apt_get and install_recommends are apt-specific
# options; presumably the generic package module forwards them to apt, so
# verify behaviour on hosts that do not use apt.
- name: install certbot
  package:
    name: certbot
    install_recommends: false
    force_apt_get: true
# Collect candidate certificate names from the configuration nginx reports
# with `nginx -T`. Runs only when letsencrypt_domains is an empty list and
# never reports a change (read-only query).
#
# pipefail makes the task fail if any stage exits non-zero: a failing
# `nginx -T`, or a grep stage that selects no lines.
# uniq collapses only identical adjacent lines, so repeated names that are
# not adjacent, or that share a line with other names, survive this stage.
#
# NOTE(review): everything between `server_name` and `;` is captured as-is, so
# special nginx forms (catch-all `_`, wildcard names, `~` regex names) end up
# in the list unfiltered. Confirm the certbot invocation that consumes
# letsencrypt_domains can handle or should exclude them.
- name: get all server_name values
  shell:
    executable: /bin/bash
    cmd: |
      set -o pipefail
      nginx -T 2>&1 |
        grep -v localhost |
        grep -P '^\s+server_name\s+.*;$' |
        sed -r 's/\s+server_name\s+(.*);/\1/' |
        uniq
  register: letsencryt_nginx_output
  changed_when: false
  when: letsencrypt_domains == []
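# Turn the captured nginx output into the letsencrypt_domains list, but only
# when no explicit list was supplied.
# split() breaks on any whitespace, so a server_name line carrying several
# names yields one entry per name. The unique filter then drops repeated names
# while keeping first-seen order; the shell-side `uniq` cannot do this because
# it only collapses identical adjacent lines.
# The register name letsencryt_nginx_output (sic) must match the task that
# sets it, so the spelling is kept.
# NOTE(review): entries are not validated as hostnames here.
- name: save result as list
  when: letsencrypt_domains == []
  set_fact:
    letsencrypt_domains: "{{ letsencryt_nginx_output.stdout.split() | unique }}"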
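# Persist the domain list, one name per line. The registered result is used
# further down: the dry-run task is gated on `letsencrypt_save_list is
# changed`, so it fires only when the list actually changes.
# Owner and mode are set explicitly so the file's permissions do not depend
# on the remote umask; the content is a list of public host names, hence
# world-readable but writable by root only.
- name: save domains list in a file
  register: letsencrypt_save_list
  copy:
    dest: /etc/letsencrypt/domains.txt
    owner: root
    group: root
    mode: "0644"
    content: |
      {% for domain in letsencrypt_domains %}
      {{ domain }}
      {% endfor %}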
# Ensure the directory named by letsencrypt_webroot exists (presumably the
# webroot certbot writes challenge files into; the certbot call is not fully
# visible here).
# NOTE(review): no owner or mode is given, so a newly created directory gets
# whatever the remote umask produces. The pre-hook script in this file
# hard-codes /tmp/letsencrypt; if letsencrypt_webroot points at the same
# path, the caveats about predictable paths under /tmp apply here as well.
- name: create webroot directory
  file:
    state: directory
    path: "{{ letsencrypt_webroot }}"
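# Ensure the certbot renewal-hook directories used by this role exist.
# A later task copies a script into renewal-hooks/pre and the copy module does
# not create missing parent directories, so `pre` is created alongside
# `deploy` instead of relying on certbot having created it already.
# Scripts in these directories are run during renewal (presumably as root), so
# the directories are pinned to root ownership and are not group- or
# world-writable.
- name: create renewal hook directory
  file:
    path: "/etc/letsencrypt/renewal-hooks/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  loop:
    - pre
    - deploy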
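# Install the pre-renewal hook that (re)creates the challenge directory.
# The mode is quoted so it is always read as the octal string "0755" whatever
# the YAML parser's number rules; ownership is pinned to root because the hook
# is executed during renewal.
#
# NOTE(review): CERTBOT_DOCROOT is hard-coded to /tmp/letsencrypt, a
# predictable path inside a world-writable directory. `mkdir -p` accepts a path
# that already exists and `chmod` follows symlinks, so whoever creates that
# path first influences what this hook operates on. Prefer a root-owned
# location outside /tmp, kept in step with letsencrypt_webroot and the nginx
# configuration; confirm with the role's defaults before changing it.
- name: create pre hook script
  copy:
    dest: /etc/letsencrypt/renewal-hooks/pre/mkdir
    owner: root
    group: root
    mode: "0755"
    content: |
      #!/usr/bin/env bash
      CERTBOT_DOCROOT=/tmp/letsencrypt
      mkdir -p "$CERTBOT_DOCROOT"
      chmod 755 "$CERTBOT_DOCROOT"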
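# Install the deploy hook that reloads nginx after a certificate is deployed.
# The script acts on the result of `nginx -t`: the reload runs only when the
# configuration test passes, and a failed test is reported on stderr with a
# non-zero exit status instead of being discarded.
# The mode is quoted so it is always read as the octal string "0755";
# ownership is pinned to root because the hook is executed during renewal.
- name: create deploy hook script
  copy:
    dest: /etc/letsencrypt/renewal-hooks/deploy/nginx
    owner: root
    group: root
    mode: "0755"
    content: |
      #!/usr/bin/env bash
      # Reload nginx only if the configuration test passes.
      if nginx -t > /dev/null 2>&1; then
        systemctl reload nginx
      else
        echo "nginx configuration test failed; not reloading" >&2
        exit 1
      fi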
- name: test generate certificates
when:
- letsencrypt_domains != []
- letsencrypt_save_list is changed
register: letsencrypt_dry_run
ignore_errors: true
command:
cmd: |
certbot certonly \