46 lines
1 KiB
YAML
46 lines
1 KiB
YAML
- name: install certbot package
|
|
apt:
|
|
name: '{{ item }}'
|
|
default_release: '{{ certbot_distribution|default(ansible_distribution_release) }}'
|
|
state: present
|
|
with_items:
|
|
- certbot
|
|
- cron
|
|
tags: certbot
|
|
|
|
- name: create webroot path directory
|
|
file:
|
|
path: '{{ certbot_path }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
state: directory
|
|
tags: certbot
|
|
|
|
- name: install certbot-renew binary
|
|
copy:
|
|
src: certbot-renew
|
|
dest: /usr/local/bin/certbot-renew
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
tags: certbot
|
|
|
|
- name: install certbot renew configuration
|
|
template:
|
|
src: renew.cfg.j2
|
|
dest: /etc/letsencrypt/renew.cfg
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags: certbot
|
|
|
|
- name: add certbot renew cron
|
|
lineinfile:
|
|
path: /etc/cron.d/certbot
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
regexp: '^0 */12 * * * root'
|
|
line: "0 */12 * * * root perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook /usr/local/bin/certbot-renew"
|
|
tags: certbot
|