thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

letsencrypt cert folder should stay with ssl-cert group

Thomas Buck 5 years ago
parent
caf49050d2
commit
72cb7a3d23
1 changed files with 6 additions and 3 deletions
Unified View Show Diff Stats
  1. 6
    3
      roles/common/tasks/letsencrypt.yml

+ 6
- 3
roles/common/tasks/letsencrypt.yml View File

55 
     mode: 0755
 55 
     mode: 0755
56
56
57 
 - name: Create live directory for LetsEncrypt cron job
 57 
 - name: Create live directory for LetsEncrypt cron job
58 
-  file: state=directory path=/etc/letsencrypt/live group=root owner=root
58 
+  file: state=directory path=/etc/letsencrypt/live group=ssl-cert owner=root
59
59
60 
 - name: Get an SSL certificate for {{ virtual_domains | json_query('[*].name') | join(' ') }} from Let's Encrypt
 60 
 - name: Get an SSL certificate for {{ virtual_domains | json_query('[*].name') | join(' ') }} from Let's Encrypt
61 
   script: letsencrypt-gencert {{ virtual_domains | json_query('[*].name') | join(' ') }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
 61 
   script: letsencrypt-gencert {{ virtual_domains | json_query('[*].name') | join(' ') }} creates=/etc/letsencrypt/live/{{ domain }}/privkey.pem
62
62
63 
-- name: Modify permissions to allow ssl-cert group access
64 
-  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
63 
+- name: Modify permissions to allow ssl-cert group access to archive
64 
+  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750 recurse=yes
65 
+
66 
+- name: Modify permissions to allow ssl-cert group access to live
67 
+  file: path=/etc/letsencrypt/live owner=root group=ssl-cert mode=0750 recurse=yes

Write Preview
Loading…
Cancel
Save