Diffstat (limited to 'roles/letsencrypt/tasks/main.yml')
-rw-r--r-- | roles/letsencrypt/tasks/main.yml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index 5606b60..b7d0df0 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -14,22 +14,36 @@
 owner: root
 group: root
 mode: 0755
+ when: letsencrypt
 - name: install certbot
 apt:
 name: certbot
 default_release: stretch-backports
+ when: letsencrypt
 - name: install haproxy
 apt:
 name: haproxy
+- name: install ssl-cert
+ apt:
+ name: ssl-cert
+ when: not letsencrypt
+
 - name: stop haproxy
 ignore_errors: true
 systemd:
 name: haproxy
 state: stopped
+- name: install snakeoil certificate for haproxy
+ shell: |
+ cat /etc/ssl/certs/ssl-cert-snakeoil.pem \
+ /etc/ssl/private/ssl-cert-snakeoil.key \
+ > /etc/haproxy/haproxy.pem
+ when: not letsencrypt
+
 - name: fetch new certificate
 command: >
 certbot certonly
@@ -38,9 +52,11 @@
 --domain "{{ letsencrypt_domain }}"
 --email "{{ letsencrypt_email }}"
 --agree-tos
+ when: letsencrypt
 - name: install new cert for haproxy
 command: /usr/local/sbin/deploy_certs_haproxy
+ when: letsencrypt
 - name: start haproxy
 ignore_errors: true
@@ -60,3 +76,4 @@
 --quiet
 --pre-hook "systemctl stop haproxy"
 --post-hook "/usr/local/sbin/deploy_certs_haproxy && systemctl start haproxy"
+ when: letsencrypt |
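Review bot: The added `install snakeoil certificate for haproxy` task writes a private key into `/etc/haproxy/haproxy.pem` through a shell redirect, so the file takes whatever mode root's umask yields (world-readable with the usual 022), while the source key under `/etc/ssl/private` is access-restricted. Pin owner and mode with a follow-up `file` task as sketched below; the mode that `deploy_certs_haproxy` applies on the certbot path is not visible here and should be matched. The shell task also has no `creates:` or `changed_when:`, so it reports a change on every run. The snakeoil certificate is self-signed, so this branch only suits hosts whose clients are not expected to validate the chain.

```yaml
# … unchanged: "install snakeoil certificate for haproxy" shell task …

- name: restrict permissions on haproxy snakeoil bundle
  file:
    path: /etc/haproxy/haproxy.pem
    owner: root
    group: root
    mode: '0600'
  when: not letsencrypt | bool
```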
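Review bot: The new `when: letsencrypt` conditions in this hunk test a bare variable, as do the `when: letsencrypt` and `when: not letsencrypt` lines in the @@ -14 and @@ -60 hunks. A value that arrives as a string, for example from `-e letsencrypt=false` or an INI inventory, can evaluate as true depending on the Ansible version, which would run certbot on a host meant to take the snakeoil path. Use `when: letsencrypt | bool` and `when: not letsencrypt | bool` instead. No default for `letsencrypt` is visible in this diff; if the role's defaults do not define one, every gated task fails on an undefined variable, and a default of `letsencrypt: true` would keep the previous behaviour.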
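Review bot: Gating the renewal task with `when: letsencrypt` only skips it, so a host provisioned with certbot and later switched to `letsencrypt: false` appears to keep the previously installed renewal job. Its hooks stop haproxy and run `deploy_certs_haproxy`, which would presumably replace the snakeoil bundle. The head of this task is outside the hunk, so the module is not visible; if it is a `cron` task, consider deriving `state` from the flag (present when enabled, absent otherwise) rather than skipping it. At minimum, a comment such as `# skipped, not removed, when letsencrypt is false` would document the limitation.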