Playbooks to a new Lilik

---
# Install certbot together with the sendmail-bin and cron packages.
# The apt cache is refreshed only when it is older than
# cache_valid_time (in seconds).
- name: 'install certbot'
  tags:
    - 'install'
    - 'role::certbot'
    - 'role::certbot::install'
  apt:
    update_cache: true
    cache_valid_time: 3600
    state: 'present'
    pkg:
      - 'certbot'
      - 'sendmail-bin'
      - 'cron'
# Standard nginx installation should not listen on port 80
# -> This is probably not required.
#- name: 'shutdown webservers'
# service:
# name: '{{ webserver_name }}'
# state: 'stopped'
# ignore_errors: true
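# Request the initial certificate non-interactively (-n) with certbot's
# standalone authenticator and the HTTP challenge.
# The standalone authenticator binds port 80 itself, so no other
# service may be listening there while this task runs.
#
# Every templated value is passed through the `quote` filter: the
# command module splits this string into arguments, so an unquoted
# value containing whitespace would be read as extra certbot options.
#
# `creates` skips the task once the certificate for the primary FQDN
# exists; renewal is left to the systemd timer installed by this role.
- name: 'request certificate'
  command: >
    certbot
    certonly
    -a standalone
    --agree-tos
    --email {{ letsencrypt_email | quote }}
    --preferred-challenges http
    -d {{ certbot_site_fqdn | quote }}
    {% for fqdn in certbot_site_alternate_fqdns %}
    -d {{ fqdn | quote }}
    {% endfor %}
    -n
  args:
    creates: '/etc/letsencrypt/live/{{ certbot_site_fqdn }}/cert.pem'
  tags:
    - 'configure'
    - 'role::certbot::configure'
    - 'pki'
    - 'pki::acme'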
#- name: 'restart webservers'
# service:
# name: '{{ webserver_name }}'
# state: 'started'
# ignore_errors: true
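# Render the certbot.timer unit from the role's template.
# Owner, group and mode are set explicitly so the unit file's
# permissions do not depend on the umask of the Ansible run: a unit
# under /etc/systemd/system should be writable by root only.
- name: 'add systemd timer for cert renewal'
  template:
    src: 'certbot.timer'
    dest: '/etc/systemd/system/certbot.timer'
    owner: 'root'
    group: 'root'
    mode: '0644'
  tags:
    - 'install'
    - 'role::certbot'
    - 'role::certbot::install'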
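# Render the certbot.service unit from the role's template.
# Owner, group and mode are set explicitly: this unit is started by
# systemd, so the file must not be writable by anyone but root,
# whatever umask the Ansible run happens to use.
- name: 'add systemd service for cert renewal'
  template:
    src: 'certbot.service'
    dest: '/etc/systemd/system/certbot.service'
    owner: 'root'
    group: 'root'
    mode: '0644'
  tags:
    - 'install'
    - 'role::certbot'
    - 'role::certbot::install'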
# Reload systemd's unit definitions, then start certbot.timer and
# enable it so it is started again at boot.
- name: 'enable timer'
  tags:
    - 'install'
    - 'role::certbot'
    - 'role::certbot::install'
  systemd:
    daemon_reload: true
    name: 'certbot.timer'
    enabled: true
    state: 'started'
...