40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
|
---
|
||
|
|
- name: Install certbot
|
||
|
|
get_url:
|
||
|
|
url: https://dl.eff.org/certbot-auto
|
||
|
|
dest: /usr/bin/certbot-auto
|
||
|
|
mode: "a+x"
|
||
|
|
tags:
|
||
|
|
- letsencrypt
|
||
|
|
|
||
|
|
- name: Generate certs (first time)
|
||
|
|
command: certbot-auto certonly --webroot -w /var/www/{{ item.key }} -d {{ item.value.domains | join(' -d ') }} --email {{ item.value.letsencrypt_email }} --non-interactive --agree-tos creates=/etc/letsencrypt/live/{{ item.key }}/fullchain.pem
|
||
|
|
with_dict: "{{ nginx_revproxy_sites }}"
|
||
|
|
when: item.value.letsencrypt | default(False)
|
||
|
|
tags:
|
||
|
|
- letsencrypt
|
||
|
|
|
||
|
|
- name: Update Site Config
|
||
|
|
template:
|
||
|
|
src=reverseproxy_ssl.conf.j2
|
||
|
|
dest=/etc/nginx/sites-available/{{ item.key }}.conf
|
||
|
|
owner=root
|
||
|
|
group=root
|
||
|
|
with_dict: "{{ nginx_revproxy_sites }}"
|
||
|
|
when:
|
||
|
|
- item.value.letsencrypt | default(False)
|
||
|
|
notify:
|
||
|
|
- Reload Nginx
|
||
|
|
tags:
|
||
|
|
- letsencrypt
|
||
|
|
|
||
|
|
- name: Insert cert-bot renew in crontab
|
||
|
|
cron:
|
||
|
|
name: "cert-bot renew"
|
||
|
|
minute: 30
|
||
|
|
hour: 3
|
||
|
|
weekday: 1
|
||
|
|
job: 'certbot-auto renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-update.log 2>&1'
|
||
|
|
tags:
|
||
|
|
- letsencrypt
|