Only attempt to fulfill the challenge if we have to
parent
e5a5f5efcd
commit
85b0b2e139
@ -44,6 +44,8 @@
|
|||||||
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||||
register: com_challenge
|
register: com_challenge
|
||||||
- name: Create or renew certificate
|
- name: Create or renew certificate
|
||||||
|
block:
|
||||||
|
- name: Fulfill challenge
|
||||||
block:
|
block:
|
||||||
- name: Back up website config
|
- name: Back up website config
|
||||||
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
|
command: "mv /etc/apache2/sites-enabled/{{ website_url }}.conf /etc/apache2/sites-available/{{ website_url }}.conf"
|
||||||
@ -67,6 +69,7 @@
|
|||||||
copy:
|
copy:
|
||||||
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
dest: "{{ acme_webroot }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
|
||||||
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
|
||||||
|
when: com_challenge['challenge_data']|length > 0
|
||||||
- name: Create certificate
|
- name: Create certificate
|
||||||
acme_certificate:
|
acme_certificate:
|
||||||
acme_directory: "{{ acme_directory }}"
|
acme_directory: "{{ acme_directory }}"
|
||||||
@ -77,6 +80,18 @@
|
|||||||
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||||
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
||||||
data: "{{ com_challenge }}"
|
data: "{{ com_challenge }}"
|
||||||
|
- name: Assign appropriate permissions to certificate
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: www-data
|
||||||
|
mode: "0640"
|
||||||
|
loop:
|
||||||
|
- "/etc/pki/cert/crt/{{ website_url }}.crt"
|
||||||
|
- "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
|
||||||
|
- "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
|
||||||
|
- name: Clean up fulfillment
|
||||||
|
block:
|
||||||
- name: Remove webroot
|
- name: Remove webroot
|
||||||
file:
|
file:
|
||||||
path: "{{ acme_webroot }}/.well-known"
|
path: "{{ acme_webroot }}/.well-known"
|
||||||
@ -89,6 +104,7 @@
|
|||||||
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
|
command: "/usr/bin/mv /etc/apache2/sites-available/{{ website_url }}.conf /etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
args:
|
args:
|
||||||
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
creates: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
|
||||||
|
when: com_challenge['challenge_data']|length > 0
|
||||||
- name: Reload Apache
|
- name: Reload Apache
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
|
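Review bot: The two added conditions `when: com_challenge['challenge_data']|length > 0` (on what look like the "Fulfill challenge" and "Clean up fulfillment" blocks) index the key directly. If the registering task returns no `challenge_data` key at all when nothing needs renewing (worth confirming for the acme_certificate version in use), the play fails on an undefined value instead of skipping. A tolerant form would be `when: com_challenge['challenge_data'] | default({}) | length > 0`, or `when: com_challenge is changed`. Separately, the site config is moved out of sites-enabled in one block and moved back in another, with "Create certificate" and the new permissions task in between. Unless the outer block has a `rescue` or `always` section outside the visible hunks, a failure there leaves the vhost disabled and the challenge file in the webroot; note that indentation is lost in this rendering, so the nesting described here is inferred.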