ansible-role-certbot/tasks/certificates.yml

---
- name: check if certificate exist
  ansible.builtin.stat:
    path: '/etc/letsencrypt/live/{{ item.key }}'
  loop: '{{ certbot_domains|dict2items }}'
  loop_control:
    label: '{{ item.key }}'
  register: st
  tags: certbot

- name: check if a webservice is started
  ansible.builtin.wait_for:
    port: '{{ certbot_port }}'
    state: started
    timeout: 2
  ignore_errors: true
  register: web
  tags: certbot

- name: create a new certificate
  ansible.builtin.command: >
    certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
    --webroot --webroot-path {{ certbot_path }} --rsa-key-size {{ certbot_key_size }}
    --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
  loop: '{{ st.results }}'
  loop_control:
    label: '{{ item.item.key }}'
  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and not web.failed
  tags: certbot

- name: create a new certificate (standalone)
  ansible.builtin.command: >
    certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
    --standalone --rsa-key-size {{ certbot_key_size }} --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
    --http-01-port {{ certbot_port }}
  loop: '{{ st.results }}'
  loop_control:
    label: '{{ item.item.key }}'
  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and web.failed
  tags: certbot
style: fix to conform yamllint test 2018-11-29 18:55:28 +01:00			`---`
first version 2018-06-10 19:34:06 +02:00			`- name: check if certificate exist`
chore: use FQCN for module name 2021-08-24 18:18:42 +02:00			`ansible.builtin.stat:`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`path: '/etc/letsencrypt/live/{{ item.key }}'`
			`loop: '{{ certbot_domains\|dict2items }}'`
			`loop_control:`
			`label: '{{ item.key }}'`
first version 2018-06-10 19:34:06 +02:00			`register: st`
			`tags: certbot`

feat: add hook script and port 2022-01-03 15:27:56 +01:00			`- name: check if a webservice is started`
feat: check if the port 80 is used 2021-08-24 18:47:19 +02:00			`ansible.builtin.wait_for:`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`port: '{{ certbot_port }}'`
feat: check if the port 80 is used 2021-08-24 18:47:19 +02:00			`state: started`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`timeout: 2`
feat: check if the port 80 is used 2021-08-24 18:47:19 +02:00			`ignore_errors: true`
			`register: web`
first version 2018-06-10 19:34:06 +02:00			`tags: certbot`

			`- name: create a new certificate`
chore: use FQCN for module name 2021-08-24 18:18:42 +02:00			`ansible.builtin.command: >`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}`
style: fix the lines too long 2018-11-26 18:12:43 +01:00			`--webroot --webroot-path {{ certbot_path }} --rsa-key-size {{ certbot_key_size }}`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`--deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}`
break: change with_items to loop 2018-11-25 20:24:19 +01:00			`loop: '{{ st.results }}'`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`loop_control:`
			`label: '{{ item.item.key }}'`
feat: check if the port 80 is used 2021-08-24 18:47:19 +02:00			`when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and not web.failed`
first version 2018-06-10 19:34:06 +02:00			`tags: certbot`

			`- name: create a new certificate (standalone)`
chore: use FQCN for module name 2021-08-24 18:18:42 +02:00			`ansible.builtin.command: >`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}`
			`--standalone --rsa-key-size {{ certbot_key_size }} --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}`
			`--http-01-port {{ certbot_port }}`
break: change with_items to loop 2018-11-25 20:24:19 +01:00			`loop: '{{ st.results }}'`
feat: add hook script and port 2022-01-03 15:27:56 +01:00			`loop_control:`
			`label: '{{ item.item.key }}'`
feat: check if the port 80 is used 2021-08-24 18:47:19 +02:00			`when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and web.failed`
first version 2018-06-10 19:34:06 +02:00			`tags: certbot`