author | Lars Wirzenius <liw@liw.fi> | 2018-11-06 11:02:17 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-11-06 11:02:17 +0200 |
commit | bb35abf58580f570829ba4d3e56eeaf61e2e8a9e (patch) | |
tree | e491ac03430023ba47cdd77c7272a4a3152b48cc | |
parent | fc12b854b1ed1b9e9d1c890998c1e294269c6a58 (diff) | |
download | debian-ansible-bb35abf58580f570829ba4d3e56eeaf61e2e8a9e.tar.gz |

Fix: recreate haproxy.pem in cron job

haproxy wants a haproxy.pem that is the catenation of letsencrypt's
fullchain.pem and privkey.pem. It's created by the Ansible playbook,
but if you don't run Ansible for three months, the cert will expire.
Add a daily cron job that recreates haproxy.pem every day.
This might be doable using a certbot haproxy plugin, but I can't be
arsed to find out. Don't understand why letsencrypt doesn't just
create such a file by default, or why haproxy wants such a file.
-rw-r--r-- | roles/haproxy/tasks/main.yml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index a7854fb..8129482 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -38,6 +38,17 @@ (cd /etc/letsencrypt/live/haproxy; cat fullchain.pem privkey.pem) \ > /etc/ssl/haproxy.pem +- name: "install daily cron job to create haproxy.pem" + copy: + content: | + #!/bin/sh + cd /etc/letsencrypt/live/haproxy + cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem + dest: /etc/cron.daily/haproxy.pem + owner: root + group: root + mode: 0755 + - name: install haproxy apt: name: haproxy |
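
Review bot: The `dest: /etc/cron.daily/haproxy.pem` name contains a dot, and Debian's run-parts, which cron uses to run /etc/cron.daily, skips any file whose name has characters other than letters, digits, underscores and hyphens, so this job would never run; a name such as `haproxy-pem` avoids that. In the script body the `cd /etc/letsencrypt/live/haproxy` is unchecked, so if it fails the following `cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem` still truncates the live file; add `set -e` or join the two with `&&`, and write to a temporary file that is renamed into place. The output contains privkey.pem but is created by shell redirection under the default umask, so the script should set `umask 077` first. Nothing in the job reloads haproxy, so a renewed certificate is not served until the next restart.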