Playbooks to a new Lilik

  # Create the TLS private key for this host at the path configured on the
  # item. No mode/owner/group is set on this task, so the module defaults
  # apply.
  # NOTE(review): confirm the resulting key file is readable only by root
  # and the web server user.
  - name: provision ssl host private key
    openssl_privatekey:
      path: "{{ item.server.ssl_certificate_key }}"
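  # Build the CSR for the host key with the openssl CLI. Subject fields come
  # from the per-item letsencrypt settings and fall back to the shared
  # letsencrypt_ssl_* variables (CN falls back to the server name).
  # The folded scalar (>) joins the lines with single spaces; every line break
  # inside -subj sits within a {{ ... }} expression, so the rendered subject
  # stays one quoted argument. The locality component is written as /L=
  # (with the "="), matching the other subject fields.
  # Values are interpolated into the command line as-is: paths must not
  # contain whitespace and subject values must not contain double quotes.
  # NOTE(review): this task runs on every play and always reports "changed".
  - name: generate certificate signing request
    command: >
      openssl req
      -new
      -sha256
      -nodes
      -key {{ item.server.ssl_certificate_key }}
      -out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}
      -subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
      }}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
      }}/L={{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
      }}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
      }}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
      }}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"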
  # First pass of the ACME exchange: submit the CSR with the account key and
  # register the module result so the following tasks can use it.
  # NOTE(review): acme_directory is not set on this task, so the module
  # default applies; confirm it points at the intended CA endpoint
  # (production vs. staging) for the Ansible version in use.
  # letsencrypt_account_key refers to the ACME account private key; keep that
  # file readable only by the user running the play.
  - name: get challenge(s) from letsencrypt server
    letsencrypt:
      csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
      dest: "{{ item.server.ssl_certificate }}"
      account_key: "{{ letsencrypt_account_key }}"
    register: letsencrypt_challenge
  # Run the steps in store_challenge.yaml only when the challenge task above
  # reported a change.
  # NOTE(review): bare `include` and the `|changed` filter form are deprecated
  # in newer Ansible releases (include_tasks / `is changed`); confirm the
  # Ansible version this playbook targets before upgrading.
  - name: store challenge(s) in local dir
    when: letsencrypt_challenge|changed
    include: store_challenge.yaml
  # Second pass of the ACME exchange: pass the registered challenge result
  # back to the module through `data`, with the same CSR, account key and
  # destination as the first pass. The "restart nginx" handler is notified
  # only when this task reports a change.
  - name: get signed certificate(s) from letsencrypt server
    letsencrypt:
      data: "{{ letsencrypt_challenge }}"
      csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
      dest: "{{ item.server.ssl_certificate }}"
      account_key: "{{ letsencrypt_account_key }}"
    notify: restart nginx