
add chaining intermediat in target crt

nginx-letsencrypt
Zolfa 8 years ago
parent
commit
6e9fc282cf
2 changed files with 13 additions and 1 deletions
  1. +2
    -0
      roles/nginx/defaults/main.yml
  2. +11
    -1
      roles/nginx/tasks/letsencrypt.yaml

+ 2
- 0
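--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -19,6 +19,8 @@ nginx_separate_logs_per_site: False
 letsencrypt_pause: false
 letsencrypt_account_key: "/etc/ssl/private/letsencrypt.key.pem"
+letsencrypt_intermediate_url: "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
+letsencrypt_intermediate_crt: "/etc/ssl/private/intermediatex3.crt"
 letsencrypt_challenge_webroot: "/var/www/html"
 letsencrypt_ssl_country: "IT"
 letsencrypt_ssl_state: "Italy"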
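Review bot: The two new defaults hard-code the X3 cross-signed intermediate in both the URL and the destination filename, and nothing says that it has to be the intermediate that actually signed each issued certificate. If the CA issues from a different intermediate, the tasks that consume these values would presumably append the wrong certificate and clients would fail chain validation. A comment above them such as `# must be the intermediate that signed the issued certificates; change URL and filename together` would make that dependency visible. `letsencrypt_intermediate_crt` also puts a public certificate under `/etc/ssl/private`, a directory conventionally kept for key material, so `/etc/ssl/certs` would be a less surprising default.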


+ 11
- 1
roles/nginx/tasks/letsencrypt.yaml

@ -12,7 +12,7 @@
-out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }} -out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }}
-subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country) -subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
}}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state) }}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
}}/L{{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
}}/L={{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
}}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org) }}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
}}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name) }}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
}}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}" }}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"
@ -43,3 +43,13 @@
acme_directory: "{{ letsencrypt_acme_dir | default(omit) }}" acme_directory: "{{ letsencrypt_acme_dir | default(omit) }}"
data: "{{ letsencrypt_challenge }}" data: "{{ letsencrypt_challenge }}"
notify: restart nginx notify: restart nginx
- name: download intermediate cert for chaining
get_url:
url: "{{ letsencrypt_intermediate_url }}"
dest: "{{ letsencrypt_intermediate_crt }}"
when: letsencrypt_challenge|changed
- name: chaining intermediate certificate
shell: "cat {{ letsencrypt_intermediate_crt }} >> {{ item.server.ssl_certificate }}"
when: letsencrypt_challenge|changed
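Review bot: The `download intermediate cert for chaining` task appends whatever the URL returns to the served certificate file without any integrity check, so a changed or truncated download ends up in the chain nginx presents. Pinning the content with `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` on `get_url` would make the play fail instead. The `chaining intermediate certificate` task also interpolates both paths into a `shell:` string unquoted, so `shell: "cat {{ letsencrypt_intermediate_crt | quote }} >> {{ item.server.ssl_certificate | quote }}"` is the safer form. No loop is visible on that task in this hunk, so `item` may be undefined there unless it repeats the loop of the certificate task. If it is looped, `when: letsencrypt_challenge|changed` appears to test the aggregate result rather than the current item, so `>>` could append a second intermediate to certificates that were not reissued.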
