New certbot role covering standalone and webroot setups

This commit is contained in:
Fritz Grimpen 2021-02-02 21:49:20 +00:00
parent ca2aeff2f3
commit d5a03479af
7 changed files with 52 additions and 0 deletions

View file

@ -10,3 +10,9 @@ user_mgmt:
fritz: fritz:
state: present state: present
groups: sudo groups: sudo
certbot_certs:
- [ "wiki.ccchb.de" ]
- [ "ccchb.de", "www.ccchb.de" ]
- [ "files.ccchb.de" ]

View file

@ -0,0 +1,11 @@
---
certbot_admin_email: hostmaster@ccchb.de
certbot_package: letsencrypt
certbot_method: webroot
certbot_webroot: /var/www/html
certbot_certs: []
certbot_renew: true

View file

@ -0,0 +1,22 @@
---
- name: Enable certbot timer.
systemd:
name: certbot.timer
enabled: yes
- name: Install certbot.
package:
name: "{{ certbot_package }}"
state: present
- name: Check for presence of certificates.
stat:
path: "/etc/letsencrypt/live/{{ item | first | replace(\"*.\", \"\") }}/cert.pem"
register: certs_presence
loop: "{{ certbot_certs }}"
- name: Obtain certificates.
include_tasks: 'obtain_{{ certbot_method }}.yml'
when: not item.stat.exists
loop: "{{ certs_presence.results }}"
...

View file

@ -0,0 +1,4 @@
---
- name: "Obtain certificate for {{ item.item | join(',') }}"
command: "certbot certonly --agree-tos -m {{ certbot_admin_email | quote }} -d {{ item.item | join(',') }} --standalone"
...

View file

@ -0,0 +1,4 @@
---
- name: "Obtain certificate for {{ item.item | join(',') }}"
command: "certbot certonly --agree-tos -m {{ certbot_admin_email | quote }} -d {{ item.item | join(',') }} --webroot -w {{ certbot_webroot | quote }}"
...

View file

@ -0,0 +1,4 @@
location /.well-known/acme-challenge/ {
alias {{ certbot_webroot }}/.well-known/acme-challenge/;
allow all;
}

View file

@ -4,3 +4,4 @@
become: yes become: yes
roles: roles:
- mediawiki - mediawiki
- certbot