You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54 lines
1.1 KiB
54 lines
1.1 KiB
---
|
|
- name: install certbot
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
with_items:
|
|
- certbot
|
|
- sendmail-bin
|
|
- cron
|
|
|
|
- name: Shutdown webservers
|
|
service:
|
|
name: "{{ webserver_name }}"
|
|
state: stopped
|
|
ignore_errors: yes
|
|
|
|
- name: request certificate
|
|
command: >
|
|
certbot
|
|
certonly
|
|
-a standalone
|
|
--agree-tos
|
|
--email roots@lists.lilik.it
|
|
--preferred-challenges http
|
|
-d {{ server_fqdn }}
|
|
-d www.{{ server_fqdn }}
|
|
-n
|
|
args:
|
|
creates: /etc/letsencrypt/live/{{ server_fqdn }}/cert.pem
|
|
|
|
- name: Restart webservers
|
|
service:
|
|
name: "{{ webserver_name }}"
|
|
state: started
|
|
ignore_errors: yes
|
|
|
|
- name: Add systemd timer for cert renewal
|
|
template:
|
|
src: certbot.timer
|
|
dest: /etc/systemd/system/certbot.timer
|
|
|
|
- name: Add systemd service for cert renewal
|
|
template:
|
|
src: certbot.service
|
|
dest: /etc/systemd/system/certbot.service
|
|
|
|
- name: Enable timer
|
|
systemd:
|
|
name: certbot.timer
|
|
state: started
|
|
enabled: true
|
|
daemon_reload: true
|