From 272c174a5a4718ce6cdae4e620f2d07f99d4772c Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Tue, 19 Jun 2018 15:34:36 +0300
Subject: Change: support static website aliases for letsenrypt

---
 roles/apache_server/tasks/main.yml                 |  9 +++++----
 .../templates/deploy_static_site_certs             | 23 +++++++++++-----------
 2 files changed, 17 insertions(+), 15 deletions(-)

(limited to 'roles')

diff --git a/roles/apache_server/tasks/main.yml b/roles/apache_server/tasks/main.yml
index 79b5054..5f9c39f 100644
--- a/roles/apache_server/tasks/main.yml
+++ b/roles/apache_server/tasks/main.yml
@@ -12,16 +12,17 @@
   when: letsencrypt
 
 - name: "empty list of domains for Let's Encrypt"
-  shell: rm -f /etc/letsencrypt/static_sites/*
+  file:
+    path: /etc/letsencrypt/static_sites.list
+    state: absent
 
 - name: "create list of domains for static sites to get Let's Encrypt certs for"
   shell: |
-    listdir="/etc/letsencrypt/static_sites"
+    list="/etc/letsencrypt/static_sites.list"
     wellknown="/srv/letsencrypt"
-    mkdir -p "$listdir" "$wellknown"
     if [ "{{ item.letsencrypt|default(false) }}" = True ]
     then
-        touch "$listdir/{{ item.domain }}"
+        echo "{{ item.domain }} {{ item.alias|default('') }}" >> "$list"
         mkdir -p "$wellknown/{{ item.domain }}"
     fi
   with_items: "{{ static_sites }}"
diff --git a/roles/apache_server/templates/deploy_static_site_certs b/roles/apache_server/templates/deploy_static_site_certs
index 3521651..b0227e8 100644
--- a/roles/apache_server/templates/deploy_static_site_certs
+++ b/roles/apache_server/templates/deploy_static_site_certs
@@ -9,21 +9,22 @@ domains()
     ls
 }
 
-
 opts()
 {
-    for domain in $(domains)
+    domains | while read domain alias
     do
-        echo -w "/srv/http/$domain" -d "$domain" \
-             --webroot-path "/srv/letsencrypt/$domain"
+        echo -w "/srv/letsencrypt/$domain" -d "$domain"
+        if [ -n "$alias" ]
+        then
+            echo -d "$alias"
+        fi
     done
 }
 
-
 certbot certonly \
-        --noninteractive \
-        --email "{{ letsencrypt_email }}" \
-        --agree-tos \
-        --expand \
-        --cert-name static_sites \
-        --webroot $(opts)
+     --noninteractive \
+     --email "{{ letsencrypt_email }}" \
+     --agree-tos \
+     --expand \
+     --cert-name static_sites \
+     --webroot $(opts)
-- 
cgit v1.2.1