From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/certbot/tasks/main.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 roles/certbot/tasks/main.yml
(limited to 'roles/certbot/tasks/main.yml')
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..3df7304
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: install certbot
+ dnf:
+ name: certbot
+ state: installed
+
+- name: allow HTTP through firewall
+ firewalld:
+ service: http
+ permanent: yes
+ immediate: yes
+ state: enabled
+ tags: firewalld
+
+- name: copy certbot hook script
+ copy:
+ src: etc/pki/tls/certbot-post.sh
+ dest: '{{ certificate_postcmd_path }}'
+ mode: 0555
+
+- name: create certbot webroot path
+ file:
+ path: '{{ certificate_webroot_path }}'
+ state: directory
+ when: certificate_use_apache
+
+- name: retrieve certificate from letsencrypt
+ command:
+ cmd: >-
+ certbot certonly
+ --noninteractive
+ --agree-tos
+ --no-eff-email
+ --key-type {{ certificate_type | lower }}
+ --rsa-key-size {{ certificate_size }}
+ --email {{ certificate_email }}
+ {% if certificate_use_apache %}
+ --webroot
+ --webroot-path {{ certificate_webroot_path }}
+ {% else %}
+ --standalone
+ {% endif %}
+ --deploy-hook {{ certificate_postcmd_argv | quote }}
+ --domains {{ certificate_sans | join(',') }}
+ creates: '{{ certificate_path }}'
+
+- name: enable certbot renew timer
+ systemd:
+ name: certbot-renew.timer
+ enabled: yes
+ state: started
-- cgit
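Review bot: In the `retrieve certificate from letsencrypt` task only `--deploy-hook` is passed through `quote`; `certificate_type`, `certificate_size`, `certificate_email`, `certificate_webroot_path` and the joined `certificate_sans` are interpolated bare into `cmd`, which the command module then splits into arguments. A value containing whitespace or a quote character would change the argument list of a certbot run that presumably executes as root, so these should get the same treatment, e.g. `--email {{ certificate_email | quote }}` and `--domains {{ certificate_sans | join(',') | quote }}`, or the task should pass an `argv:` list instead of a folded string. Separately, `mode: 0555` in the `copy certbot hook script` task relies on the YAML loader reading a leading-zero integer as octal. Writing `mode: '0555'` with explicit `owner: root` and `group: root` pins the permissions of a script that is presumably the one handed to certbot as its deploy hook.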