Diffstat (limited to 'roles/letsencrypt/tasks/main.yml')
-rw-r--r-- | roles/letsencrypt/tasks/main.yml | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
deleted file mode 100644
index b7d0df0..0000000
--- a/roles/letsencrypt/tasks/main.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-- name: check required variables
- fail:
- msg: "value of {{ item }} should no be FIXME!"
- with_items:
- - letsencrypt_domain
- - letsencrypt_email
- - letsencrypt_server
- when: item == "FIXME"
-
-- name: install deploy_certs_haproxy
- template:
- src: deploy_certs_haproxy
- dest: /usr/local/sbin/deploy_certs_haproxy
- owner: root
- group: root
- mode: 0755
- when: letsencrypt
-
-- name: install certbot
- apt:
- name: certbot
- default_release: stretch-backports
- when: letsencrypt
-
-- name: install haproxy
- apt:
- name: haproxy
-
-- name: install ssl-cert
- apt:
- name: ssl-cert
- when: not letsencrypt
-
-- name: stop haproxy
- ignore_errors: true
- systemd:
- name: haproxy
- state: stopped
-
-- name: install snakeoil certificate for haproxy
- shell: |
- cat /etc/ssl/certs/ssl-cert-snakeoil.pem \
- /etc/ssl/private/ssl-cert-snakeoil.key \
- > /etc/haproxy/haproxy.pem
- when: not letsencrypt
-
-- name: fetch new certificate
- command: >
- certbot certonly
- --standalone
- --noninteractive
- --domain "{{ letsencrypt_domain }}"
- --email "{{ letsencrypt_email }}"
- --agree-tos
- when: letsencrypt
-
-- name: install new cert for haproxy
- command: /usr/local/sbin/deploy_certs_haproxy
- when: letsencrypt
-
-- name: start haproxy
- ignore_errors: true
- systemd:
- name: haproxy
- state: started
-
-- name: add cron job
- cron:
- name: letsencrypt
- hour: 23
- minute: 42
- user: root
- job: >
- certbot renew
- --standalone
- --quiet
- --pre-hook "systemctl stop haproxy"
- --post-hook "/usr/local/sbin/deploy_certs_haproxy && systemctl start haproxy"
- when: letsencrypt |