author | Lars Wirzenius <liw@liw.fi> | 2018-07-03 16:59:00 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-07-03 16:59:00 +0300 |
commit | ed62f2c98059a605ead1a9b4838c75fbd55ead19 (patch) | |
tree | d48b495813356ddbb283402e3ccd84f0c1a281ce /roles/apache_server/templates | |
parent | 272c174a5a4718ce6cdae4e620f2d07f99d4772c (diff) | |
download | debian-ansible-ed62f2c98059a605ead1a9b4838c75fbd55ead19.tar.gz |
Change: let user group Let's Encrypt certs
Diffstat (limited to 'roles/apache_server/templates')
-rw-r--r-- | roles/apache_server/templates/deploy_static_site_certs | 41 | ||||
-rw-r--r-- | roles/apache_server/templates/virtualhost.conf.tmpl | 4 |
2 files changed, 27 insertions, 18 deletions
diff --git a/roles/apache_server/templates/deploy_static_site_certs b/roles/apache_server/templates/deploy_static_site_certs
index b0227e8..440fe23 100644
--- a/roles/apache_server/templates/deploy_static_site_certs
+++ b/roles/apache_server/templates/deploy_static_site_certs
@@ -3,28 +3,37 @@
 set -eu
-domains()
-{
- cd /etc/letsencrypt/static_sites
- ls
-}
-
 opts()
 {
- domains | while read domain alias
+ cat "$1" | while read domain alias
 do
- echo -w "/srv/letsencrypt/$domain" -d "$domain"
+ printf "%s" "-w /srv/letsencrypt/$domain -d $domain"
 if [ -n "$alias" ]
 then
- echo -d "$alias"
+ printf "%s" " -d $alias"
 fi
+ printf "\n"
 done
 }
-certbot certonly \
- --noninteractive \
- --email "{{ letsencrypt_email }}" \
- --agree-tos \
- --expand \
- --cert-name static_sites \
- --webroot $(opts)
+
+run_certbot()
+{
+ local list="$1"
+ local certname="$2"
+ certbot certonly \
+ --standalone \
+ --noninteractive \
+ --email "{{ letsencrypt_email }}" \
+ --agree-tos \
+ --expand \
+ --cert-name "$certname" \
+ $(opts "$list")
+}
+
+
+for list in /etc/letsencrypt/*.list
+do
+ certname="$(basename "$list" .list)"
+ run_certbot "$list" "$certname"
+done
diff --git a/roles/apache_server/templates/virtualhost.conf.tmpl b/roles/apache_server/templates/virtualhost.conf.tmpl
index c3d3b97..8d069ce 100644
--- a/roles/apache_server/templates/virtualhost.conf.tmpl
+++ b/roles/apache_server/templates/virtualhost.conf.tmpl
@@ -57,7 +57,7 @@
 </Directory>
 SSLEngine on
- SSLCertificateFile "/etc/letsencrypt/live/static_sites/fullchain.pem"
- SSLCertificateKeyFile "/etc/letsencrypt/live/static_sites/privkey.pem"
+ SSLCertificateFile "/etc/letsencrypt/live/{{ item.letsencrypt_cert|default('static_sites') }}/fullchain.pem"
+ SSLCertificateKeyFile "/etc/letsencrypt/live/{{ item.letsencrypt_cert|default('static_sites') }}/privkey.pem"
 </VirtualHost>
 {% endif %} |
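Review bot: The `for list in /etc/letsencrypt/*.list` loop has no guard for the case where no list file exists: the shell then leaves the pattern unexpanded, `cat` fails inside the pipeline in `opts` without tripping `set -e`, and certbot is invoked with `--cert-name '*'` and no domains. Adding `[ -e "$list" ] || continue` as the first statement in the loop avoids that. The unquoted `$(opts "$list")` in `run_certbot` is needed for word splitting, but it also glob-expands the file's contents and lets any entry beginning with `-` reach certbot as an option, so the entries should be checked to be plain host names before the call, and `opts` should use `read -r`. The switch from `--webroot` to `--standalone` while `opts` still prints `-w /srv/letsencrypt/$domain` looks inconsistent; standalone mode binds its own listener, which presumably conflicts with the running Apache, so this is worth confirming.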
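Review bot: `item.letsencrypt_cert` is placed into both certificate paths without any check that a certificate of that name exists. The name apparently has to equal the basename of a `/etc/letsencrypt/NAME.list` file handled by `deploy_static_site_certs`, and a mismatch leaves Apache pointing at files that are not there. A template comment above `SSLEngine on` would record that, for example `{# letsencrypt_cert must match a /etc/letsencrypt/NAME.list basename; defaults to static_sites #}`. Since the value is interpolated into a quoted path, it is also worth restricting it to a simple name (no `/` or `"`) where the variable is defined. The VirtualHost block starts outside the hunk.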