
letsencrypt cert folder should stay with ssl-cert group

Thomas Buck 5 years ago
parent
commit
72cb7a3d23
1 changed files with 6 additions and 3 deletions
  1. 6
    3
      roles/common/tasks/letsencrypt.yml

+ 6
- 3
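--- a/roles/common/tasks/letsencrypt.yml
+++ b/roles/common/tasks/letsencrypt.yml
@@ -55,10 +55,13 @@
     mode: 0755
 
 - name: Create live directory for LetsEncrypt cron job
-  file: state=directory path=/etc/letsencrypt/live group=root owner=root
+  file: state=directory path=/etc/letsencrypt/live group=ssl-cert owner=root
 
 - name: Get an SSL certificate for {{ virtual_domains | json_query('[*].name') | join(' ') }} from Let's Encrypt
   script: letsencrypt-gencert {{ virtual_domains | json_query('[*].name') | join(' ') }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
 
-- name: Modify permissions to allow ssl-cert group access
-  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
+- name: Modify permissions to allow ssl-cert group access to archive
+  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750 recurse=yes
+
+- name: Modify permissions to allow ssl-cert group access to live
+  file: path=/etc/letsencrypt/live owner=root group=ssl-cert mode=0750 recurse=yes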
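Review bot: The two `recurse=yes` tasks on `/etc/letsencrypt/archive` and `/etc/letsencrypt/live` apply the numeric `mode=0750` to every regular file under those trees as well as to the directories, so key and certificate files there (the earlier task's `creates=` path shows `privkey.pem` under `live/{{ domain }}`) become executable for owner and group. A symbolic mode that sets the search bit only on directories gives the group the access the task names describe without marking key material executable, for example `mode: "u=rwX,g=rX,o="` in native YAML task syntax. With this change every member of `ssl-cert` can read the private keys, so membership of that group should be limited to the service accounts that need them. The entries under `live` are presumably symlinks into `archive` (certbot's usual layout, not visible here), so it is worth confirming how the recursive task treats them.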
