
# Ensure a private key exists at the path configured for this host entry
# (item.server.ssl_certificate_key).
# NOTE(review): no mode/owner/group is passed here, so the permissions on the
# key file are whatever the module applies by default - confirm that read
# access ends up restricted to the account that loads the key.
- name: provision ssl host private key
  openssl_privatekey:
    path: '{{ item.server.ssl_certificate_key }}'
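# Build a SHA-256 CSR from the host's existing private key.
# Every subject field falls back from the per-host item.letsencrypt.* value to
# the role-wide letsencrypt_ssl_* default; the CN falls back to the server name.
# The folded scalar (>) joins the lines below with single spaces, so the line
# breaks inside the {{ ... }} expressions only keep the -subj string readable.
# `command` does not go through a shell, but its arguments are still split on
# whitespace: a key or CSR path containing spaces would break this task.
# There is no creates/changed_when, so the CSR is rewritten on every run.
- name: generate certificate signing request
  command: >
    openssl req
    -new
    -sha256
    -nodes
    -key {{ item.server.ssl_certificate_key }}
    -out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }}
    -subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
    }}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
    }}/L={{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
    }}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
    }}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
    }}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"
  # The locality component above is written "/L=": without the "=" the
  # subject string carries no well-formed locality attribute.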
# First pass of the letsencrypt module: submit the CSR with the ACME account
# key and keep the module result in letsencrypt_challenge for later tasks.
# The CSR path mirrors the default used when the CSR was generated
# (certificate path + '.csr').
# NOTE(review): when letsencrypt_acme_dir is undefined the parameter is omitted
# and the module's own default directory applies; for this module that has
# historically been the Let's Encrypt staging endpoint, whose certificates
# browsers do not trust - confirm the variable is set for production hosts.
# NOTE(review): letsencrypt_account_key controls every certificate issued for
# the account - confirm how that key file is stored and who can read it.
- name: get challenge(s) from letsencrypt server
  letsencrypt:
    csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
    dest: '{{ item.server.ssl_certificate }}'
    account_key: '{{ letsencrypt_account_key }}'
    acme_directory: '{{ letsencrypt_acme_dir | default(omit) }}'
  register: letsencrypt_challenge
# Run the tasks in store_challenge.yaml, but only when the challenge request
# reported a change. What that file does with the challenge data is not
# visible from here.
- name: store challenge(s) in local dir
  when: letsencrypt_challenge|changed
  include: store_challenge.yaml
# Optional manual gate before validation: stop and wait for the operator when
# a challenge was just issued and letsencrypt_pause evaluates to true.
# The folded block scalar (>-) yields the same single-line prompt text.
- pause:
    prompt: >-
      LETSENCRYPT REMOTE VERIFICATION REQUIRED!. Perform any action to
      make server reachable from outside, then press ENTER to start
      verification
  when: letsencrypt_challenge|changed and letsencrypt_pause|bool
# Second pass of the letsencrypt module: same account key, CSR and destination
# as the challenge request, plus the registered first-pass result as `data`.
# The certificate is expected at item.server.ssl_certificate; a change here
# notifies the "restart nginx" handler, which is defined outside this file.
# NOTE(review): acme_directory is omitted when letsencrypt_acme_dir is unset,
# so the module default applies - confirm it points at the intended (staging
# or production) ACME endpoint, and that it matches the first pass.
- name: get signed certificate(s) from letsencrypt server
  letsencrypt:
    data: '{{ letsencrypt_challenge }}'
    csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
    dest: '{{ item.server.ssl_certificate }}'
    account_key: '{{ letsencrypt_account_key }}'
    acme_directory: '{{ letsencrypt_acme_dir | default(omit) }}'
  notify: restart nginx