40 lines
1.4 KiB
YAML
40 lines
1.4 KiB
YAML
---
|
|
- name: Check if certificate exist
|
|
ansible.builtin.stat:
|
|
path: "/etc/letsencrypt/live/{{ item.key }}"
|
|
loop: "{{ certbot_domains | dict2items }}"
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
register: st
|
|
tags: certbot
|
|
|
|
- name: Check if a webservice is started
|
|
ansible.builtin.wait_for:
|
|
port: "{{ certbot_port }}"
|
|
state: started
|
|
timeout: 2
|
|
ignore_errors: true
|
|
register: web
|
|
tags: certbot
|
|
|
|
- name: Create a new certificate # noqa no-changed-when
|
|
ansible.builtin.command: >
|
|
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
|
--webroot --webroot-path {{ certbot_path }} --rsa-key-size {{ certbot_key_size }}
|
|
--deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
|
loop: "{{ st.results }}"
|
|
loop_control:
|
|
label: "{{ item.item.key }}"
|
|
when: (certbot_role == "master" or item.item.key == ansible_fqdn) and not item.stat.exists and not web.failed
|
|
tags: certbot
|
|
|
|
- name: Create a new certificate (standalone) # noqa no-changed-when
|
|
ansible.builtin.command: >
|
|
certbot certonly -n --agree-tos -d {{ item.item.key }} -m {{ certbot_mail }}
|
|
--standalone --rsa-key-size {{ certbot_key_size }} --deploy-hook /etc/letsencrypt/hook-{{ item.item.key }}
|
|
--http-01-port {{ certbot_port }}
|
|
loop: "{{ st.results }}"
|
|
loop_control:
|
|
label: "{{ item.item.key }}"
|
|
when: (certbot_role == "master" or item.item.key == ansible_fqdn) and not item.stat.exists and web.failed
|
|
tags: certbot
|