author: Lars Wirzenius <liw@liw.fi> 2018-11-06 11:02:17 +0200
committer: Lars Wirzenius <liw@liw.fi> 2018-11-06 11:02:17 +0200
commit: bb35abf58580f570829ba4d3e56eeaf61e2e8a9e
tree: e491ac03430023ba47cdd77c7272a4a3152b48cc /roles
parent: fc12b854b1ed1b9e9d1c890998c1e294269c6a58
Fix: recreate haproxy.pem in cron job
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file.
Diffstat (limited to 'roles')
-rw-r--r-- roles/haproxy/tasks/main.yml 11
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index a7854fb..8129482 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -38,6 +38,17 @@
(cd /etc/letsencrypt/live/haproxy; cat fullchain.pem privkey.pem) \
> /etc/ssl/haproxy.pem
+- name: "install daily cron job to create haproxy.pem"
+ copy:
+ content: |
+ #!/bin/sh
+ cd /etc/letsencrypt/live/haproxy
+ cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
+ dest: /etc/cron.daily/haproxy.pem
+ owner: root
+ group: root
+ mode: 0755
+
- name: install haproxy
apt:
name: haproxy
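Review bot: The `dest: /etc/cron.daily/haproxy.pem` name contains a dot, and Debian's run-parts, which cron uses to execute /etc/cron.daily, skips any file whose name has characters other than letters, digits, underscores and hyphens, so this job will not run as installed; rename it to something like /etc/cron.daily/haproxy-pem. In the script body, the `>` redirect truncates /etc/ssl/haproxy.pem before `cat` reads anything, so a failed `cd` or a missing input leaves haproxy with an empty or partial certificate file; add `set -e`, write to a temporary file in /etc/ssl and `mv` it into place. The output contains privkey.pem and is created with whatever umask cron supplies, so set `umask 077` before writing, and because nothing in the script reloads haproxy, the regenerated file is not picked up until the next reload or restart.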