
letsencrypt.yml 2.4KB

  # Group that later tasks in this file assign to /etc/letsencrypt/live and
  # /etc/letsencrypt/archive. Anything placed in this group can read what
  # those directories hold, so membership should be kept deliberate.
  - name: Add group name ssl-cert for SSL certificates
    group:
      state: present
      name: ssl-cert
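  # Debian 9 (stretch) only: enable stretch-backports, which the following
  # task pins Certbot to through default_release.
  # The mirror URL is plain HTTP, so package integrity rests on APT's
  # signature verification of the repository metadata; do not combine this
  # repository with options that disable that verification.
  - name: add stretch-backport for Certbot
    apt_repository:
      repo: 'deb http://deb.debian.org/debian stretch-backports main'
      state: present
      update_cache: true
    tags:
      - dependencies
    # Compare the major version: ansible_distribution_version can carry a
    # point release (for example '9.13'), which never equals '9' and would
    # silently skip the task.
    when: ansible_distribution_major_version == '9'

  # Debian 9: take Certbot from backports rather than the base release.
  - name: Install Certbot
    apt:
      name: certbot
      state: present
      default_release: stretch-backports
    tags:
      - dependencies
    when: ansible_distribution_major_version == '9'

  # Debian 10: Certbot comes from the distribution's default repositories.
  - name: Install Certbot
    apt:
      name: certbot
      state: present
    tags:
      - dependencies
    when: ansible_distribution_major_version == '10'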
  # Root-owned base directory for everything the remaining tasks place under
  # /etc/letsencrypt.
  # NOTE(review): no mode is given here, so the permissions are whatever the
  # module applies by default or whatever already exists -- confirm that is
  # intended.
  - name: Create directory for LetsEncrypt configuration and certificates
    file:
      path: /etc/letsencrypt
      state: directory
      owner: root
      group: root

  # Render the role's cli.conf template into place, owned by root.
  # NOTE(review): no mode is set on the rendered file either; if the template
  # holds anything account-specific, consider pinning one explicitly.
  - name: Configure LetsEncrypt
    template:
      src: etc_letsencrypt_cli.conf.j2
      dest: /etc/letsencrypt/cli.conf
      owner: root
      group: root
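  # Hook directories and scripts used around certificate renewal.
  # Presumably these are executed by the daily renewal script installed later
  # in this file -- verify against that script. Whoever can write into these
  # directories controls what runs at renewal time, so they stay root-owned.
  - name: Create directory for pre-renewal scripts
    file:
      path: /etc/letsencrypt/prerenew
      state: directory
      owner: root
      group: root

  - name: Create directory for post-renewal scripts
    file:
      path: /etc/letsencrypt/postrenew
      state: directory
      owner: root
      group: root

  # Stops apache2 before renewal. The block scalar yields the same bytes as
  # the original escaped string, trailing newline included.
  - name: Create pre-renew hook to stop apache
    copy:
      content: |
        #!/bin/bash

        service apache2 stop
      dest: /etc/letsencrypt/prerenew/apache
      owner: root
      group: root
      # Quoted so the mode is passed as the literal octal string and does not
      # depend on how the YAML loader types a bare leading-zero number.
      mode: '0755'

  # Starts apache2 again once renewal has finished.
  - name: Create post-renew hook to start apache
    copy:
      content: |
        #!/bin/bash

        service apache2 start
      dest: /etc/letsencrypt/postrenew/apache
      owner: root
      group: root
      mode: '0755'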
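  # Installs the role's renewal script into /etc/cron.daily.
  # The script is root-owned and not writable by group or others; keep it that
  # way, since files in cron.daily are normally run with root privileges.
  - name: Install crontab entry for LetsEncrypt
    copy:
      src: etc_cron-daily_letsencrypt-renew
      dest: /etc/cron.daily/letsencrypt-renew
      owner: root
      group: root
      # Quoted so the mode is the literal octal string rather than a
      # loader-typed integer.
      mode: '0755'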
  # Pre-create live/ with the ssl-cert group before any certificate exists.
  - name: Create live directory for LetsEncrypt cron job
    file:
      path: /etc/letsencrypt/live
      state: directory
      owner: root
      group: ssl-cert

  # Runs the role's letsencrypt-gencert script with every virtual domain name
  # as an argument. Skipped once the private key for {{ domain }} exists.
  # NOTE(review): the names from virtual_domains are interpolated into a
  # command line unquoted; this assumes the inventory only ever holds plain
  # hostnames -- confirm, or validate them before this task.
  # NOTE(review): the creates path is keyed on `domain`, not on virtual_domains;
  # presumably that is the certificate's primary name -- verify.
  - name: Get an SSL certificate for {{ virtual_domains | json_query('[*].name') | join(' ') }} from Let's Encrypt
    script: letsencrypt-gencert {{ virtual_domains | json_query('[*].name') | join(' ') }}
    args:
      creates: '/etc/letsencrypt/live/{{ domain }}/privkey.pem'
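  # Give the ssl-cert group read access to the certificate trees, which hold
  # the private keys (the task requesting the certificate refers to
  # live/<domain>/privkey.pem).
  #
  # A recursive numeric 0750 also lands on every regular file, marking the
  # key and certificate files executable. The symbolic form gives directories
  # rwxr-x--- and files rw-r-----, with no access for others.
  # X only adds execute to directories and to files that already carry an
  # execute bit, so hosts where 0750 was applied recursively before need the
  # file modes reset once.
  - name: Modify permissions to allow ssl-cert group access to archive
    file:
      path: /etc/letsencrypt/archive
      owner: root
      group: ssl-cert
      mode: 'u=rwX,g=rX,o='
      recurse: true

  - name: Modify permissions to allow ssl-cert group access to live
    file:
      path: /etc/letsencrypt/live
      owner: root
      group: ssl-cert
      mode: 'u=rwX,g=rX,o='
      recurse: true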