- name: check if acme certs already exists
stat:
- path: /var/lib/acme/live/{{ r3rsrv.name }}
+ path: "/var/lib/acme/live/{{ item }}"
+ with_items: "{{ r3rsrv.urls }}"
register: nginx_acme_cert
-- name: link nonexistent hostname to self-signed interim cert
- when: not nginx_acme_cert.stat.exists
+- name: set acmecert_missing_hostnames variable
+ set_fact:
+ acmecert_missing_hostnames: "{{ nginx_acme_cert.results | acme_cert_nonexistent(r3rsrv.urls) }}"
+
+- name: link nonexistent hostnames to self-signed interim cert
+ when: acmecert_missing_hostnames | length > 0
block:
- name: get id of existing selfsigned interim certificate
command: cat /var/lib/acme/.selfsigned-interim-cert
- name: link to snakeoil cert for nonexistent hostnames
file:
src: "../certs/{{ selfsigned_interim_cert_id }}"
- dest: "/var/lib/acme/live/{{ r3rsrv.name }}"
+ dest: "/var/lib/acme/live/{{ item }}"
state: link
+ with_items: "{{ acmecert_missing_hostnames }}"
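Review bot: The missing-hostname detection on L4-L5 feeds `stat` results into `acme_cert_nonexistent`, and `stat` without `follow: true` lstat()s the path, so a dangling `live/<host>` symlink (for example after a certificate directory was pruned) is reported with `exists: true` and the host is never relinked to the interim certificate; nginx then fails to open the certificate named on that path. If the filter keys on `stat.exists`, add `follow: true` under the `stat:` task so a broken link counts as missing. The `command: cat` on L17 has no `changed_when: false`, so the run reports a change every time just for reading the interim-cert id; the `register:` that feeds `selfsigned_interim_cert_id` on L20 is not visible in this hunk, so I assume it lives outside it. Leaving `force` unset on the `file: state: link` task is the right default here, since it will not clobber a real certificate directory that appeared between the stat and the link.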
-- name: enable nginx vhost config
+- name: enable vhost config using acme cert
file:
- src: ../sites-available/{{ r3rsrv.name }}
- dest: /etc/nginx/sites-enabled/{{ r3rsrv.name }}
+ src: "../sites-available/{{ r3rsrv.name }}"
+ dest: "/etc/nginx/sites-enabled/{{ r3rsrv.name }}"
state: link
notify: reload nginx
import_role:
name: acmetool/cert
vars:
- acmetool_cert_name: "{{ r3rsrv.name }}"
-
+ acmetool_cert_name: "{{ r3rsrv.urls[0] }}"
+ acmetool_cert_hostnames: "{{ r3rsrv.urls }}"
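Review bot: `r3rsrv.urls[0]` now doubles as the acmetool certificate name and as the directory nginx reads its key from, so the first list entry must stay stable across runs — reordering `urls` renames the certificate, leaves the old `live/<name>` in place and points the vhosts at a path that only gets the self-signed interim link. Document that contract next to the vars, e.g. `# urls[0] is the acmetool cert name (first SAN); keep it first across runs`. An empty `urls` list currently fails with an opaque Jinja index error at template time; a preceding `assert:` with `that: r3rsrv.urls | length > 0` gives a clear message. What the `acmetool/cert` role does with `acmetool_cert_hostnames` is outside this hunk, so the SAN semantics are inferred from the naming.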
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.urls[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.urls[0] }}/privkey;
include snippets/hsts.conf;
include snippets/security-headers.conf;
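Review bot: The new `ssl_certificate`/`ssl_certificate_key` lines resolve through `r3rsrv.urls[0]`, so the vhost depends on `live/<urls[0]>` existing, whether as the acmetool-issued certificate or as the interim self-signed link created by the tasks; a reader of this template cannot see that coupling. Add a comment above the pair, e.g. `# urls[0] is the acmetool cert name; the tasks link it to the interim self-signed cert until issuance`. Note that `snippets/hsts.conf` on the next line is served even while the interim self-signed certificate is in place, so clients that have already recorded the HSTS policy will hard-fail rather than warn during that window — that is pre-existing behaviour, but worth stating in the comment. The same line pair recurs in the other vhost templates in this change.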
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.urls[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.urls[0] }}/privkey;
include snippets/hsts.conf;
include snippets/security-headers.conf;
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.urls[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.urls[0] }}/privkey;
include snippets/hsts.conf;
include snippets/security-headers.conf;
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.urls[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.urls[0] }}/privkey;
include snippets/hsts.conf;
include snippets/security-headers.conf;
include snippets/acmetool.conf;
include snippets/ssl.conf;
- ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
- ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.urls[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.urls[0] }}/privkey;
include snippets/hsts.conf;
include snippets/security-headers.conf;