пре 8 година · 899f527ca3
--- a/roles/common/files/etc_cron-daily_letsencrypt-renew
+++ b/roles/common/files/etc_cron-daily_letsencrypt-renew
@@ -3,11 +3,6 @@ set -o errexit
 
				
				 # Renew all live certificates with LetsEncrypt.  This needs to run at least
			
 
				
				 # once every three months, but recommended frequency is once a day.
			
 
				
				 
			
 
				
				-/root/letsencrypt/letsencrypt-auto renew --pre-hook="service apache2 stop" --post-hook="service apache2 start" \
			
 
				
				-    -c /etc/letsencrypt/cli.conf
			
 
				
				-
			
 
				
				-# Services that rely on LE certificates may need restarted and/or other actions.
			
 
				
				-for script in $(find /etc/letsencrypt/postrenew/ -maxdepth 1 -type f -executable); do
			
 
				
				-  echo "Executing ${script}."
			
 
				
				-  $script
			
 
				
				-done
			
 
				
				+/root/letsencrypt/letsencrypt-auto renew -c /etc/letsencrypt/cli.conf \
			
 
				
				+--pre-hook="find /etc/letsencrypt/prerenew/ -maxdepth 1 -type f -executable -exec {} \;" \
			
 
				
				+--post-hook="find /etc/letsencrypt/postrenew/ -maxdepth 1 -type f -executable -exec {} \;"
			
--- a/roles/common/tasks/letsencrypt.yml
+++ b/roles/common/tasks/letsencrypt.yml
@@ -19,16 +19,35 @@
 
				
				   register: le_deps_result
			
 
				
				   changed_when: "'Bootstrapping dependencies' in le_deps_result.stdout"
			
 
				
				 
			
 
				
				+- name: Create directory for pre-renewal scripts
			
 
				
				+  file: state=directory path=/etc/letsencrypt/prerenew group=root owner=root
			
 
				
				+
			
 
				
				 - name: Create directory for post-renewal scripts
			
 
				
				   file: state=directory path=/etc/letsencrypt/postrenew group=root owner=root
			
 
				
				 
			
 
				
				+- name: Create pre-renew hook to stop apache
			
 
				
				+  copy:
			
 
				
				+    content: "#!/bin/bash\n\nservice apache2 stop\n"
			
 
				
				+    dest: /etc/letsencrypt/prerenew/apache
			
 
				
				+    owner: root
			
 
				
				+    group: root
			
 
				
				+    mode: 0755
			
 
				
				+
			
 
				
				+- name: Create post-renew hook to start apache
			
 
				
				+  copy:
			
 
				
				+    content: "#!/bin/bash\n\nservice apache2 start\n"
			
 
				
				+    dest: /etc/letsencrypt/postrenew/apache
			
 
				
				+    owner: root
			
 
				
				+    group: root
			
 
				
				+    mode: 0755
			
 
				
				+
			
 
				
				 - name: Install crontab entry for LetsEncrypt
			
 
				
				   copy:
			
 
				
				-    src=etc_cron-daily_letsencrypt-renew
			
 
				
				-    dest=/etc/cron.daily/letsencrypt-renew
			
 
				
				-    owner=root
			
 
				
				-    group=root
			
 
				
				-    mode=0755
			
 
				
				+    src: etc_cron-daily_letsencrypt-renew
			
 
				
				+    dest: /etc/cron.daily/letsencrypt-renew
			
 
				
				+    owner: root
			
 
				
				+    group: root
			
 
				
				+    mode: 0755
			
 
				
				 
			
 
				
				 - name: Create live directory for LetsEncrypt cron job
			
 
				
				   file: state=directory path=/etc/letsencrypt/live group=root owner=root