You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.5 KiB
37 lines
1.5 KiB
- name: provision ssl host private key
|
|
openssl_privatekey:
|
|
path: "{{ item.server.ssl_certificate_key }}"
|
|
|
|
- name: generate certificate signing request
|
|
command: >
|
|
openssl req
|
|
-new
|
|
-sha256
|
|
-nodes
|
|
-key {{ item.server.ssl_certificate_key }}
|
|
-out {{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~".csr") }}
|
|
-subj "/C={{ item.letsencrypt.ssl_country | default(letsencrypt_ssl_country)
|
|
}}/ST={{ item.letsencrypt.ssl_state | default(letsencrypt_ssl_state)
|
|
}}/L{{ item.letsencrypt.ssl_loc | default(letsencrypt_ssl_loc)
|
|
}}/O={{ item.letsencrypt.ssl_org | default(letsencrypt_ssl_org)
|
|
}}/CN={{ item.letsencrypt.ssl_cn | default(item.server.server_name)
|
|
}}/emailAddress={{ item.letsencrypt.ssl_email | default(letsencrypt_ssl_email) }}"
|
|
|
|
- name: get challenge(s) from letsencrypt server
|
|
letsencrypt:
|
|
account_key: "{{ letsencrypt_account_key }}"
|
|
csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
|
|
dest: "{{ item.server.ssl_certificate }}"
|
|
register: letsencrypt_challenge
|
|
|
|
- name: store challenge(s) in local dir
|
|
include: store_challenge.yaml
|
|
when: letsencrypt_challenge|changed
|
|
|
|
- name: get signed certificate(s) from letsencrypt server
|
|
letsencrypt:
|
|
account_key: "{{ letsencrypt_account_key }}"
|
|
csr: "{{ item.letsencrypt.ssl_csr | default(item.server.ssl_certificate~'.csr') }}"
|
|
dest: "{{ item.server.ssl_certificate }}"
|
|
data: "{{ letsencrypt_challenge }}"
|
|
notify: restart nginx
|