| author | Mitch Riedstra <mitch@riedstra.us> | 2020-10-06 20:52:41 -0400 |
|---|---|---|
| committer | Mitch Riedstra <mitch@riedstra.us> | 2020-10-06 20:52:41 -0400 |
| commit | 22edab4638df31df0059a881e5b7f39ffd84a85d (patch) | |
| tree | b03203d8447540201fe86dcf795598690983854d | |
| parent | 2f77c2f0d1faec9b4af9e5b8445b5a287d966aeb (diff) | |
| download | acme.sh-22edab4638df31df0059a881e5b7f39ffd84a85d.tar.gz acme.sh-22edab4638df31df0059a881e5b7f39ffd84a85d.tar.xz | |
Finish up the role. Allow forcing of certificate renewals, and do not try to re-issue a cert under normal circumstances
| -rw-r--r-- | defaults/main.yml | 4 | ||||
| -rw-r--r-- | tasks/main.yml | 28 |
2 files changed, 30 insertions, 2 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index 3b276af..035f0f3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,6 +20,10 @@ acmesh_env: |
 # your certificates will be technically correct but invalid
 acmesh_flags: --staging
+# Set to 1 to force a renewal, you might want to set it back to 0 when done.
+# automatically adds a --force flag
+acmesh_force: '1'
+
 acmesh_user:
 name: acme
 home: /var/acme
diff --git a/tasks/main.yml b/tasks/main.yml
index b3c0570..b788abb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -63,18 +63,42 @@
 #!/bin/sh
 set -e
 set -x
+ cd '{{acmesh_user.home}}'
 {{acmesh_env}}
 . $HOME/install/acme.sh.env
+ force=""
+ if [ "{{acmesh_force}}" -eq 1 ] ; then
+ force="--force"
+ fi
+
 {% for item in acmesh_domains %}
+ if ! [ -d "certs/{{item}}" ] || ! [ -z "$force" ] ; then
 acme.sh {{acmesh_flags | replace('\n', ' ')}} \
+ $force \
 --issue \
 --dns dns_aws \
 --challenge-alias "{{acmesh_delegation_domain}}" \
 -d "{{item}}" -d "*.{{item}}"
+ fi
 {% endfor %}
 dest: '{{acmesh_user.home}}/issue.sh'
-
-# - name: Issue certificates
+ mode: 0500
+ owner: '{{acmesh_user.name}}'
+ register: issue_script
+ - name: Run issue script
+ shell: |
+ #!/bin/sh
+ echo '{{acmesh_user.home}}/issue.sh' | su -s /bin/sh '{{acmesh_user.name}}'
+ when: issue_script.changed
+# acme.sh should install a cron job automatically, in the event it does not
+# you should be able to use a task like this
+# - name: Install cron job for renewals
+# cron:
+# name: "letsencrypt / acme cron"
+# job: '{{acmesh_user.home}}/install/acme.sh --cron >> {{acmesh_user.home}}/conf {{acmesh_user.home}}/renewals.log'
+# hour: '0'
+# minute: '0'
+# user: '{{acmesh_user.name}}'
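Review bot: Shipping `acmesh_force: '1'` as the default contradicts both the comment directly above it ("set it back to 0 when done") and the commit message's aim of not re-issuing under normal circumstances: any host that does not override the variable renders `--force` into issue.sh, so every run of that script (per the tasks hunk, whenever the rendered file changes) re-issues every domain. Forced re-issues against the CA count toward its duplicate-certificate rate limit, so the safe default is `acmesh_force: '0'`. The comment could also state that the value must be numeric: the generated script compares it with `[ "..." -eq 1 ]` under `set -e`, so a non-numeric override aborts the script instead of being treated as "off".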
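Review bot: The new `Run issue script` task hands the script's stdout/stderr back to Ansible, and the script runs under `set -x` right after expanding `{{acmesh_env}}`; if that block carries the credentials dns_aws needs (the hunk does not show its content), the trace prints those assignments and they end up in the play output and any log collected from it. Add `no_log: true` to the task, or drop `set -x` from the generated script, so the secrets stay on the host. The added guard uses `certs/{{item}}` under the acme user's home as the "already issued" marker; unless acmesh_flags or acmesh_env points acme.sh's certificate home there, that directory is never created and the `-d` test re-issues on every run, which deserves either a comment naming the expected path or a check against the path acme.sh actually writes. The `content: |` block that the hunk's first lines belong to starts above the hunk.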
