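---
# Provision a dedicated, unprivileged account for acme.sh, fetch a pinned
# acme.sh tarball (commit + checksum supplied by acmesh_commit /
# acmesh_checksum), install it into that account's home, and write an
# issue.sh helper for the configured domains.  Every task here expects to
# run as root (it creates a user and uses su); the acme.sh work itself is
# always performed as {{acmesh_user.name}}.

- name: Create acme user
  user:
    name: '{{acmesh_user.name}}'
    state: present
    home: '{{acmesh_user.home}}'
    shell: '{{acmesh_user.shell}}'
    system: '{{acmesh_user.system}}'

- name: Set homedir permissions
  file:
    path: '{{acmesh_user.home}}'
    state: directory
    # owner rwx, group x only (traverse to the cert dir), nothing for others
    mode: '0710'
    owner: '{{acmesh_user.name}}'

- name: Create install directory
  file:
    state: directory
    owner: '{{acmesh_user.name}}'
    path: '{{acmesh_user.home}}/install'

- name: Get acme.sh tarball
  get_url:
    url: '{{acmesh_url}}'
    dest: '{{acmesh_user.home}}/install/acme.sh-{{acmesh_commit}}.tar.gz'
    # the archive is only ever read by tar; it needs no execute bit
    mode: '0644'
    # checksum pins the exact artefact; a mismatch fails the task instead
    # of installing whatever the URL currently serves
    checksum: '{{acmesh_checksum}}'
    owner: '{{acmesh_user.name}}'
  register: tarball

# The installer script lives inside the acme user's own install directory
# rather than at a fixed path under the world-writable /tmp, so a
# root-written file cannot be pre-staged or swapped by another local
# account between this task and the su invocation below.
- name: Write install script
  copy:
    content: |
      #!/bin/sh
      set -e
      set -x
      cd '{{acmesh_user.home}}/install'
      if ! [ -d 'acme.sh-{{acmesh_commit}}' ] ; then
        tar -xzf 'acme.sh-{{acmesh_commit}}.tar.gz'
      fi
      cd 'acme.sh-{{acmesh_commit}}'
      sh ./acme.sh --install \
        --home "$HOME/install" \
        --config-home "$HOME/conf" \
        --cert-home "$HOME/certs" \
        --accountemail "{{acmesh_email}}" \
        --accountkey "$HOME/account.key" \
        --accountconf "$HOME/account.conf"
    dest: '{{acmesh_user.home}}/install/acme_install.sh'
    owner: '{{acmesh_user.name}}'
    # quoted: an unquoted 0755 is parsed as a number and is not reliably
    # interpreted as octal by Ansible
    mode: '0755'

# Only re-run the installer when a new tarball was actually fetched.
# The path is fed to su on stdin so the script runs as the acme user
# with that user's $HOME, which the script above depends on.
- name: Run acme.sh install script
  shell: |
    echo '{{acmesh_user.home}}/install/acme_install.sh' | su -s /bin/sh '{{acmesh_user.name}}'
  when: tarball.changed

- name: Set cert directory permissions
  file:
    path: '{{acmesh_user.home}}/certs'
    state: directory
    # keys and certs readable by the owner and the group, never by others;
    # X only adds execute on directories
    mode: 'u=rwX,g=rX,o-rwx'
    owner: '{{acmesh_user.name}}'
    recurse: true

# issue.sh embeds acmesh_env verbatim.  acme.sh's dns_aws hook takes its
# provider credentials from the environment, so that block presumably
# carries secrets (confirm against the inventory): the file is therefore
# owned by the acme user and readable only by it, and `set -x` is enabled
# only after the environment block so the trace never echoes those lines.
- name: Write issue script
  copy:
    content: |
      #!/bin/sh
      set -e
      {{acmesh_env}}
      set -x
      . "$HOME/install/acme.sh.env"
      {% for item in acmesh_domains %}
      acme.sh {{acmesh_flags | replace('\n', ' ')}} \
        --issue \
        --dns dns_aws \
        --challenge-alias "{{acmesh_delegation_domain}}" \
        -d "{{item}}" -d "*.{{item}}"
      {% endfor %}
    dest: '{{acmesh_user.home}}/issue.sh'
    owner: '{{acmesh_user.name}}'
    mode: '0700'

# - name: Issue certificates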