Only attempt to fulfill the challenge if we have to
This commit is contained in:
parent
e5a5f5efcd
commit
85b0b2e139
@ -45,28 +45,31 @@
|
||||
register: com_challenge
|
||||
- name: Create or renew certificate
|
||||
block:
|
||||
- name: Back up website config
|
||||
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
|
||||
args:
|
||||
creates: "/etc/apache2/sites-available/{{ website_url }}.conf"
|
||||
- name: Create temporary config
|
||||
template:
|
||||
src: apache2-vhost.conf
|
||||
dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
- name: Create well-known directory
|
||||
file:
|
||||
path: "{{ acme_webroot }}/.well-known/acme-challenge"
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: Copy challenge files
|
||||
copy:
|
||||
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
||||
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
||||
- name: Fulfill challenge
|
||||
block:
|
||||
- name: Back up website config
|
||||
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
|
||||
args:
|
||||
creates: "/etc/apache2/sites-available/{{ website_url }}.conf"
|
||||
- name: Create temporary config
|
||||
template:
|
||||
src: apache2-vhost.conf
|
||||
dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
- name: Create well-known directory
|
||||
file:
|
||||
path: "{{ acme_webroot }}/.well-known/acme-challenge"
|
||||
mode: "0755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: Copy challenge files
|
||||
copy:
|
||||
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
||||
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
||||
when: com_challenge['challenge_data']|length > 0
|
||||
- name: Create certificate
|
||||
acme_certificate:
|
||||
acme_directory: "{{ acme_directory }}"
|
||||
@ -77,18 +80,31 @@
|
||||
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
||||
data: "{{ com_challenge }}"
|
||||
- name: Remove webroot
|
||||
- name: Assign appropriate permissions to certificate
|
||||
file:
|
||||
path: "{{ acme_webroot }}/.well-known"
|
||||
state: absent
|
||||
- name: Remove temporary config
|
||||
file:
|
||||
path: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
state: absent
|
||||
- name: Restore original config
|
||||
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
args:
|
||||
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
path: "{{ item }}"
|
||||
owner: root
|
||||
group: www-data
|
||||
mode: "0640"
|
||||
loop:
|
||||
- "/etc/pki/cert/crt/{{ website_url }}.crt"
|
||||
- "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||
- "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
||||
- name: Clean up fulfillment
|
||||
block:
|
||||
- name: Remove webroot
|
||||
file:
|
||||
path: "{{ acme_webroot }}/.well-known"
|
||||
state: absent
|
||||
- name: Remove temporary config
|
||||
file:
|
||||
path: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
state: absent
|
||||
- name: Restore original config
|
||||
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
args:
|
||||
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||
when: com_challenge['challenge_data']|length > 0
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user