Diffstat (limited to 'roles/certbot/tasks/main.yml')
-rw-r--r--roles/certbot/tasks/main.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..3df7304
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: install certbot
+ dnf:
+ name: certbot
+ state: installed
+
+- name: allow HTTP through firewall
+ firewalld:
+ service: http
+ permanent: yes
+ immediate: yes
+ state: enabled
+ tags: firewalld
+
+- name: copy certbot hook script
+ copy:
+ src: etc/pki/tls/certbot-post.sh
+ dest: '{{ certificate_postcmd_path }}'
+ mode: 0555
+
+- name: create certbot webroot path
+ file:
+ path: '{{ certificate_webroot_path }}'
+ state: directory
+ when: certificate_use_apache
+
+- name: retrieve certificate from letsencrypt
+ command:
+ cmd: >-
+ certbot certonly
+ --noninteractive
+ --agree-tos
+ --no-eff-email
+ --key-type {{ certificate_type | lower }}
+ --rsa-key-size {{ certificate_size }}
+ --email {{ certificate_email }}
+ {% if certificate_use_apache %}
+ --webroot
+ --webroot-path {{ certificate_webroot_path }}
+ {% else %}
+ --standalone
+ {% endif %}
+ --deploy-hook {{ certificate_postcmd_argv | quote }}
+ --domains {{ certificate_sans | join(',') }}
+ creates: '{{ certificate_path }}'
+
+- name: enable certbot renew timer
+ systemd:
+ name: certbot-renew.timer
+ enabled: yes
+ state: started
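Review bot: The `creates: '{{ certificate_path }}'` guard on the certonly task makes it a no-op once any certificate file exists, so later changes to `certificate_sans`, `certificate_type` or `certificate_size` are silently never applied and the host keeps serving the old names and key; consider letting certbot be the idempotence check instead, e.g. `--cert-name {{ certificate_sans[0] }} --keep-until-expiring --expand` with `creates` dropped, or at least compare the current SAN list before skipping. Separately, the hook installed by the copy task is run as root by `certbot-renew.timer` at every renewal, yet only its mode is pinned; add `owner: root` and `group: root` so a `certificate_postcmd_path` that lands in a directory owned by another account cannot be swapped underneath certbot. Note also that `--rsa-key-size {{ certificate_size }}` is passed even when `certificate_type` is `ecdsa`; whether certbot ignores or rejects that combination depends on the installed version, so wrap it in `{% if certificate_type | lower == 'rsa' %}`. Finally, `state: installed` and `enabled: yes` should be `state: present` and `enabled: true` per current Ansible and yamllint conventions, and `mode: 0555` is safer quoted as `mode: '0555'`.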