Upstream
/
ansible-acme-sh
mirror of https://github.com/nickjj/ansible-acme-sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

HOTFIX: Certificate Ownership.

This commit is contained in:
Lucas Maurice 2020-04-17 19:02:13 -04:00 committed by GitHub
parent 0bf697a041
commit a2e247f2e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
tasks/main.yml
View File

@ -74,39 +74,26 @@
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
notify: reload services
- name: Issue acme.sh certificate(s)
command: >-
./acme.sh --issue -d {{ item.domain }} --dns dns_cf
{{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
{{ "--staging" if item.staging | default(false) else "" }}
{{ "--debug" if item.debug | default(false) else "" }}
args:
chdir: "{{ acme_sh_git_clone_dest }}"
environment:
- "CF_Token": "{{ acme_cloudflare_token }}"
- "CF_Account_ID": "{{ acme_cloudflare_account_id }}"
- "CF_Zone_ID": "{{ acme_cloudflare_zone_id }}"
when: not item.remove | default(false)
- name: Change certificate ownership and permission
file:
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.pem"
owner: "{{ item.owner | default('root') }}"
group: "{{ item.group | default('root') }}"
mode: '0644'
loop: "{{ acme_sh_domains }}"
when: not item.remove | default(false)
register: install_cert_result
notify: reload services
- name: Change key ownership and permission
file:
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.key"
owner: "{{ item.owner | default('root') }}"
group: "{{ item.group | default('root') }}"
mode: '0600'
loop: "{{ acme_sh_domains }}"
register: issue_result
changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)
failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
- name: Install acme.sh certificate(s)
command: >-
./acme.sh --install-cert -d {{ item.domain }}
--key-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.key
--fullchain-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.pem
{{ "--debug" if item.debug | default(false) else "" }}
args:
chdir: "{{ acme_sh_git_clone_dest }}"
loop: "{{ acme_sh_domains }}"
loop_control:
index_var: domains_index
when: not item.remove | default(false)
register: install_cert_result
changed_when: issue_result.results[domains_index].changed
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
notify: reload services
- name: Remove acme.sh's cloned source code, installation path and log files