Merge 0428efbfe8
into 76c835e9f7
commit
5bdeb6ac20
44
README.md
44
README.md
|
@ -165,6 +165,22 @@ acme_sh_default_dns_provider: "dns_dgon"
|
|||
# "DO_API_KEY": "THE_API_SECRET_TOKEN_FROM_THE_DO_DASHBOARD"
|
||||
acme_sh_default_dns_provider_api_keys: {}
|
||||
|
||||
# What are your the Deploy ENV Vars?
|
||||
# The key names to use can be found at:
|
||||
# https://github.com/acmesh-official/acme.sh/wiki/deployhooks
|
||||
# Just add them as key / value pairs here
|
||||
# without the "export ".
|
||||
#
|
||||
# For example if you were using haproxy as deploy hook you would enter:
|
||||
# acme_sh_default_deploy_env_vars:
|
||||
# "DEPLOY_HAPROXY_PEM_PATH": "/etc/haproxy"
|
||||
# "DEPLOY_HAPROXY_RELOAD":"/usr/sbin/service haproxy restart"
|
||||
acme_sh_default_deploy_env_vars: {}
|
||||
|
||||
# When set to a non-empty string, this hook will be executed after issuing a certificate.
|
||||
# Examples: https://github.com/acmesh-official/acme.sh/wiki/deployhooks
|
||||
acme_sh_default_deploy_hook: ""
|
||||
|
||||
# How long should acme.sh sleep after attempting to set the TXT record to your
|
||||
# DNS records? Some DNS providers do not update as fast as others.
|
||||
#
|
||||
|
@ -197,6 +213,13 @@ acme_sh_default_extra_flags_renew: ""
|
|||
# Installing is different than issuing and we'll cover that later.
|
||||
acme_sh_default_extra_flags_install_cert: ""
|
||||
|
||||
# When deploying certificates via `deploy` command, you can choose to add additional flags that
|
||||
# are not present here by default. Supply them just as you would on the command
|
||||
# line, such as "--help".
|
||||
#
|
||||
# Installing is different than issuing and we'll cover that later.
|
||||
acme_sh_default_extra_flags_deploy_cert: ""
|
||||
|
||||
# When a certificate is issued or renewed, acme.sh will attempt to run a command
|
||||
# of your choosing. This could be to restart or reload your web server or proxy.
|
||||
#
|
||||
|
@ -259,6 +282,9 @@ acme_sh_domains:
|
|||
# force_renew: False
|
||||
# # Optionally turn on debug mode.
|
||||
# debug: True
|
||||
# # Optionally override the default environment variables used by deploy command.
|
||||
# deploy_env_vars:
|
||||
# "DEPLOY_HAPROXY_PEM_PATH": "/etc/haproxy"
|
||||
# # Optionally override the default DNS provider.
|
||||
# dns_provider: "dns_namesilo"
|
||||
# # Optionally override the default DNS API keys.
|
||||
|
@ -266,10 +292,11 @@ acme_sh_domains:
|
|||
# "Namesilo_Key": "THE_API_SECRET_TOKEN_FROM_THE_NAMESILO_DASHBOARD"
|
||||
# # Optionally override the default DNS sleep time.
|
||||
# dns_sleep: 900
|
||||
# # Optionally add extra flags to any of these 3 actions:
|
||||
# # Optionally add extra flags to any of these 4 actions:
|
||||
# extra_flags_issue: ""
|
||||
# extra_flags_renew: ""
|
||||
# extra_flags_install_cert: ""
|
||||
# extra_flags_deploy_cert: ""
|
||||
# # Optionally set a different reload command.
|
||||
# install_cert_reloadcmd: "whoami"
|
||||
# # Optionally run commands during different points in the cert issue process:
|
||||
|
@ -278,6 +305,8 @@ acme_sh_domains:
|
|||
# extra_issue_renew_hook: ""
|
||||
# # Optionally remove and disable the certificate.
|
||||
# remove: True
|
||||
# # Optionally call a deploy_hook see : https://github.com/acmesh-official/acme.sh/wiki/deployhooks
|
||||
# deploy_hook: ""
|
||||
```
|
||||
|
||||
## Example usage
|
||||
|
@ -376,6 +405,19 @@ acme_sh_domains:
|
|||
force_renew: True
|
||||
```
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
# 2 certificate files using the same example, with a different deploy hook for each.
|
||||
# This will product the following result for domain :
|
||||
# - example.com the hook will deploy the cert (well formated) to a local haproxy server
|
||||
# - admin.example.com the hook will deploy certificates to a remote host using SSH
|
||||
acme_sh_domains:
|
||||
- domains: ["example.com", "www.example.com"]
|
||||
deploy_hook: "haproxy"
|
||||
- domains: ["admin.example.com"]
|
||||
deploy_hook: "ssh"
|
||||
```
|
||||
|
||||
*If you're looking for an Ansible role to create users, then check out my
|
||||
[user role](https://github.com/nickjj/ansible-user)*.
|
||||
|
||||
|
|
|
@ -34,6 +34,10 @@ acme_sh_default_dns_sleep: 120
|
|||
acme_sh_default_extra_flags_issue: ""
|
||||
acme_sh_default_extra_flags_renew: ""
|
||||
acme_sh_default_extra_flags_install_cert: ""
|
||||
acme_sh_default_extra_flags_deploy_cert: ""
|
||||
|
||||
acme_sh_default_deploy_env_vars: {}
|
||||
acme_sh_default_deploy_hook: ""
|
||||
|
||||
acme_sh_default_install_cert_reloadcmd: "sudo service nginx reload"
|
||||
|
||||
|
|
|
@ -211,6 +211,7 @@
|
|||
when:
|
||||
- acme_sh_domains and item.domains is defined and item.domains
|
||||
- item.custom_command is undefined or not item.custom_command
|
||||
- item.deploy_hook is undefined or not item.deploy_hook or acme_sh_default_deploy_hook
|
||||
- item.remove is undefined or not item.remove
|
||||
- not acme_sh_uninstall
|
||||
become_user: "{{ acme_sh_become_user }}"
|
||||
|
@ -218,6 +219,31 @@
|
|||
changed_when: issue_result.results[domains_index].changed or renew_result.results[domains_index].changed
|
||||
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
|
||||
|
||||
- name: Deploy acme.sh certificate(s)
|
||||
command: >-
|
||||
./acme.sh --deploy -d {{ item.domains | first }}
|
||||
--deploy-hook {{ item.deploy_hook | default(acme_sh_default_deploy_hook)}}
|
||||
{{ "--debug" if item.debug | default(acme_sh_default_debug) else "" }}
|
||||
{{ item.extra_flags_deploy_cert | default(acme_sh_default_extra_flags_deploy_cert) }}
|
||||
args:
|
||||
chdir: "~/.acme.sh"
|
||||
loop: "{{ acme_sh_domains }}"
|
||||
loop_control:
|
||||
index_var: domains_index
|
||||
environment: "{{ item.deploy_env_vars | default(acme_sh_default_deploy_env_vars) }}"
|
||||
when:
|
||||
- acme_sh_domains and item.domains is defined and item.domains
|
||||
- (item.deploy_hook is defined and item.deploy_hook) or acme_sh_default_deploy_hook
|
||||
- item.deploy_env_vars | default(acme_sh_default_deploy_env_vars)
|
||||
- item.custom_command is undefined or not item.custom_command
|
||||
- item.remove is undefined or not item.remove
|
||||
- not acme_sh_uninstall
|
||||
become_user: "{{ acme_sh_become_user }}"
|
||||
register: deploy_cert_result
|
||||
changed_when: issue_result.results[domains_index].changed or renew_result.results[domains_index].changed
|
||||
failed_when: deploy_cert_result.rc != 0 and "Reload error for" not in deploy_cert_result.stderr
|
||||
|
||||
|
||||
- name: Register acme.sh certificate information
|
||||
command: ./acme.sh --list
|
||||
args:
|
||||
|
|
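Review bot: The `when` entry `item.deploy_env_vars | default(acme_sh_default_deploy_env_vars)` in the new "Deploy acme.sh certificate(s)" task skips the deploy whenever no environment variables are set. With the shipped default of `{}`, the README example that sets only `deploy_hook: "haproxy"` would never run its hook, and the previous certificate would stay in place with no error reported; I would drop that condition. The `failed_when` looks copied from the install task: tolerating `"Reload error for"` in stderr may hide a hook that did not actually deploy, so `failed_when: deploy_cert_result.rc != 0` seems safer unless that message is known to be harmless for deploy hooks. Because the task loops over `acme_sh_domains` and Ansible prints each loop item, any credentials placed in a per-domain `deploy_env_vars` would appear in the run output; adding `label: "{{ item.domains | first }}"` under `loop_control`, or `no_log: true`, keeps them out of logs. In the preceding task, whose body starts outside the hunk, the added `... or acme_sh_default_deploy_hook` is true whenever a default hook is configured, which looks inverted if the intent was to skip that task when a deploy hook is in use.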