浏览代码

letsencrypt cert folder should stay with ssl-cert group

Thomas Buck 5 年前
父节点
当前提交
72cb7a3d23
共有 1 个文件被更改,包括 6 次插入3 次删除
  1. 6
    3
      roles/common/tasks/letsencrypt.yml

+ 6
- 3
roles/common/tasks/letsencrypt.yml 查看文件

@@ -55,10 +55,13 @@
55 55
     mode: 0755
56 56
 
57 57
 - name: Create live directory for LetsEncrypt cron job
58
-  file: state=directory path=/etc/letsencrypt/live group=root owner=root
58
+  file: state=directory path=/etc/letsencrypt/live group=ssl-cert owner=root
59 59
 
60 60
 - name: Get an SSL certificate for {{ virtual_domains | json_query('[*].name') | join(' ') }} from Let's Encrypt
61 61
   script: letsencrypt-gencert {{ virtual_domains | json_query('[*].name') | join(' ') }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
62 62
 
63
-- name: Modify permissions to allow ssl-cert group access
64
-  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
63
+- name: Modify permissions to allow ssl-cert group access to archive
64
+  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750 recurse=yes
65
+
66
+- name: Modify permissions to allow ssl-cert group access to live
67
+  file: path=/etc/letsencrypt/live owner=root group=ssl-cert mode=0750 recurse=yes

正在加载...
取消
保存