- - name: provision ssl host private key
- openssl_privatekey:
- path: "{{ item.server.ssl_certificate_key }}"
-
- - name: generate certificate signing request
- command: >
- openssl req
- -new
- -sha256
- -nodes
- -key {{ item.server.ssl_certificate_key }}
- -out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }}
- -subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
- }}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
- }}/L{{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
- }}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
- }}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
- }}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"
-
- - name: get challenge(s) from letsencrypt server
- letsencrypt:
- account_key: "{{ letsencrypt_account_key }}"
- csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
- dest: "{{ item.server.ssl_certificate }}"
- acme_directory: "{{ letsencrypt_acme_dir | default(omit) }}"
- register: letsencrypt_challenge
-
- - name: store challenge(s) in local dir
- include: store_challenge.yaml
- when: letsencrypt_challenge|changed
-
- - pause:
- prompt: "LETSENCRYPT REMOTE VERIFICATION REQUIRED!. Perform any action to
- make server reachable from outside, then press ENTER to start
- verification"
- when: letsencrypt_challenge|changed and letsencrypt_pause|bool
-
- - name: get signed certificate(s) from letsencrypt server
- letsencrypt:
- account_key: "{{ letsencrypt_account_key }}"
- csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
- dest: "{{ item.server.ssl_certificate }}"
- acme_directory: "{{ letsencrypt_acme_dir | default(omit) }}"
- data: "{{ letsencrypt_challenge }}"
- notify: restart nginx
|
