Only attempt to fulfill the challenge if we have to

This commit is contained in:
Salt 2020-02-20 05:25:46 -06:00
parent e5a5f5efcd
commit 85b0b2e139

View File

@ -44,6 +44,8 @@
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt" fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
register: com_challenge register: com_challenge
- name: Create or renew certificate - name: Create or renew certificate
block:
- name: Fulfill challenge
block: block:
- name: Back up website config - name: Back up website config
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf" command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
@ -67,6 +69,7 @@
copy: copy:
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}" dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}" content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
when: com_challenge['challenge_data']|length > 0
- name: Create certificate - name: Create certificate
acme_certificate: acme_certificate:
acme_directory: "{{ acme_directory }}" acme_directory: "{{ acme_directory }}"
@ -77,6 +80,18 @@
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt" fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt" chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
data: "{{ com_challenge }}" data: "{{ com_challenge }}"
- name: Assign appropriate permissions to certificate
file:
path: "{{ item }}"
owner: root
group: www-data
mode: "0640"
loop:
- "/etc/pki/cert/crt/{{ website_url }}.crt"
- "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
- "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
- name: Clean up fulfillment
block:
- name: Remove webroot - name: Remove webroot
file: file:
path: "{{ acme_webroot }}/.well-known" path: "{{ acme_webroot }}/.well-known"
@ -89,6 +104,7 @@
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf" command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
args: args:
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf" creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
when: com_challenge['challenge_data']|length > 0
- name: Reload Apache - name: Reload Apache
service: service:
name: apache2 name: apache2