mirror of
https://github.com/nickjj/ansible-acme-sh.git
synced 2024-11-01 07:39:29 +01:00
141 lines
4.7 KiB
YAML
141 lines
4.7 KiB
YAML
---
|
|
- name: Update apt cache.
|
|
apt:
|
|
update_cache: true
|
|
when: ansible_os_family == 'Debian'
|
|
changed_when: False
|
|
|
|
- name: Install dependencies
|
|
package:
|
|
name:
|
|
- git
|
|
- wget
|
|
state: present
|
|
|
|
- name: Create git clone path
|
|
file:
|
|
path: "{{ acme_sh_git_clone_dest | dirname }}"
|
|
state: "directory"
|
|
mode: "0755"
|
|
|
|
- name: Git clone acme.sh
|
|
git:
|
|
repo: "{{ acme_sh_git_url }}"
|
|
version: "{{ acme_sh_git_version }}"
|
|
dest: "{{ acme_sh_git_clone_dest }}"
|
|
update: true
|
|
changed_when: False
|
|
|
|
- name: Create certificate path
|
|
file:
|
|
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}"
|
|
state: "directory"
|
|
mode: "0755"
|
|
loop: "{{ acme_sh_domains }}"
|
|
|
|
|
|
- name: Remove acme.sh installed certificate files
|
|
file:
|
|
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}*"
|
|
state: "absent"
|
|
when:
|
|
- item.remove | default(false)
|
|
loop: "{{ acme_sh_domains }}"
|
|
|
|
- name: Issue acme.sh certificate(s) (old token)
|
|
command: >-
|
|
./acme.sh --issue -d {{ item.domain }} --dns dns_cf
|
|
{{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
|
|
{{ "--staging" if item.staging | default(false) else "" }}
|
|
{{ "--debug" if item.debug | default(false) else "" }}
|
|
args:
|
|
chdir: "{{ acme_sh_git_clone_dest }}"
|
|
environment:
|
|
- "CF_Token": "{{ acme_cloudflare_token }}"
|
|
- "CF_Account_ID": "{{ acme_cloudflare_account_id }}"
|
|
- "CF_Zone_ID": "{{ acme_cloudflare_zone_id }}"
|
|
when:
|
|
- not item.remove | default(false)
|
|
- acme_cloudflare_token is defined
|
|
- acme_cloudflare_account_id is defined
|
|
- acme_cloudflare_zone_id is defined
|
|
loop: "{{ acme_sh_domains }}"
|
|
register: issue_result
|
|
changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)
|
|
failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
|
|
|
|
- name: Issue acme.sh certificate(s) (token)
|
|
command: >-
|
|
./acme.sh --issue -d {{ item.domain }} --dns dns_cf
|
|
{{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
|
|
{{ "--staging" if item.staging | default(false) else "" }}
|
|
{{ "--debug" if item.debug | default(false) else "" }}
|
|
args:
|
|
chdir: "{{ acme_sh_git_clone_dest }}"
|
|
environment:
|
|
- "CF_Key": "{{ acme_cloudflare_token }}"
|
|
- "CF_Email": "{{ acme_cloudflare_email }}"
|
|
when:
|
|
- not item.remove | default(false)
|
|
- acme_cloudflare_token is defined
|
|
- acme_cloudflare_email is defined
|
|
loop: "{{ acme_sh_domains }}"
|
|
register: issue_result2
|
|
changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)
|
|
failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
|
|
|
|
# Because even with the when, the var is overridden.
|
|
- name: Grab the good issue result
|
|
set_fact:
|
|
issue_result: "{{ issue_result2 }}"
|
|
when:
|
|
- acme_cloudflare_token is defined
|
|
- acme_cloudflare_email is defined
|
|
|
|
- name: Install acme.sh certificate(s)
|
|
command: >-
|
|
./acme.sh --install-cert -d {{ item.domain }}
|
|
--key-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.key
|
|
--fullchain-file {{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.pem
|
|
{{ "--debug" if item.debug | default(false) else "" }}
|
|
args:
|
|
chdir: "{{ acme_sh_git_clone_dest }}"
|
|
loop: "{{ acme_sh_domains }}"
|
|
loop_control:
|
|
index_var: domains_index
|
|
when: not item.remove | default(false)
|
|
register: install_cert_result
|
|
changed_when: issue_result.results[domains_index].changed
|
|
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
|
|
notify: reload services
|
|
|
|
- name: Change certificate ownership and permission
|
|
file:
|
|
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.pem"
|
|
owner: "{{ item.owner | default('root') }}"
|
|
group: "{{ item.group | default('root') }}"
|
|
mode: '0644'
|
|
loop: "{{ acme_sh_domains }}"
|
|
when: not item.remove | default(false)
|
|
register: install_cert_result
|
|
notify: reload services
|
|
|
|
- name: Change key ownership and permission
|
|
file:
|
|
path: "{{ item.path | default(acme_sh_copy_certs_to_path) }}/{{ item.domain }}.key"
|
|
owner: "{{ item.owner | default('root') }}"
|
|
group: "{{ item.group | default('root') }}"
|
|
mode: '0600'
|
|
loop: "{{ acme_sh_domains }}"
|
|
when: not item.remove | default(false)
|
|
register: install_cert_result
|
|
notify: reload services
|
|
|
|
- name: Remove acme.sh's cloned source code, installation path and log files
|
|
file:
|
|
path: "{{ item }}"
|
|
state: "absent"
|
|
changed_when: False
|
|
loop:
|
|
- "{{ acme_sh_git_clone_dest }}"
|