certbot
eric 2019-01-24 16:33:24 -05:00
parent cfa971eb79
commit de88fa12b2
4 changed files with 34 additions and 33 deletions


@ -11,7 +11,7 @@ server_name: "m.unglue.it"
wsgi_home: "/opt/regluit/venv" wsgi_home: "/opt/regluit/venv"
wsgi_python_path: "/opt/regluit/venv/bin/python" wsgi_python_path: "/opt/regluit/venv/bin/python"
git_repo: "https://github.com/EbookFoundation/regluit.git" git_repo: "https://github.com/EbookFoundation/regluit.git"
git_branch: "master" git_branch: "lencrypt"
### Variables in settings.prod.py ### ### Variables in settings.prod.py ###
mysql_db_name: "{{ vault_mysql_db_name }}" mysql_db_name: "{{ vault_mysql_db_name }}"
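Review bot: `git_branch` now tracks `lencrypt`, which looks like the working branch for this change rather than a release ref, so hosts using these vars deploy whatever that branch head is at run time. If this is only meant for testing the certificate work, a comment such as `# temporary: revert to master once lencrypt is merged` would make that clear. Pinning to a tag or commit instead would make deployments reproducible. The vars file continues outside the hunk.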


@ -2,12 +2,8 @@
- name: Install apache - name: Install apache
become: yes become: yes
apt: apt:
name: "{{ item }}" name: ['apache2', 'libapache2-mod-wsgi', 'cronolog']
state: present state: present
with_items:
- 'apache2'
- 'libapache2-mod-wsgi'
- 'cronolog'
- name: Ensure apache is running and enabled - name: Ensure apache is running and enabled
become: yes become: yes


@ -1,8 +1,38 @@
--- ---
- name: Make sure account exists and has given contacts. We agree to TOS.
acme_account:
account_key_src: certs/account-key.pem
state: present
terms_agreed: yes
contact:
- mailto: support@ebookfoundation.org
- name: Create a challenge for server_name using a account key file.
acme_certificate:
account_key_src: certs/account-key.pem
csr: "certs/{{ server_name }}.csr"
dest: /etc/ssl/certs/server.crt
fullchain_dest: /etc/ssl/certs/server-fullchain.crt
register: acme_challenge
- copy:
dest: /var/www/static/lencrypt/{{ acme_challenge['challenge_data'][server_name]['http-01']['resource'] }}
content: "{{ acme_challenge['challenge_data'][server_name]['http-01']['resource_value'] }}"
when: acme_challenge is changed
- name: Create a challenge for server_name using a account key file.
acme_certificate:
account_key_src: certs/account-key.pem
csr: "certs/{{ server_name }}.csr"
dest: /etc/ssl/certs/server.crt
fullchain_dest: /etc/ssl/certs/server-fullchain.crt"
data: "{{ acme_challenge }}"
- name: Copy server key - name: Copy server key
become: yes become: yes
copy: copy:
src: certs/server.key src: certs/m.unglue.it.key
dest: /etc/ssl/private/server.key dest: /etc/ssl/private/server.key
owner: "{{ user_name }}" owner: "{{ user_name }}"
group: "{{ user_name }}" group: "{{ user_name }}"
@ -12,28 +42,3 @@
tags: tags:
- certs - certs
- name: Copy STAR_unglue_it.crt
become: yes
copy:
src: certs/STAR_unglue_it.crt
dest: /etc/ssl/certs/server.crt
owner: "{{ user_name }}"
group: "{{ user_name }}"
mode: 0644
notify:
- restart apache
tags:
- certs
- name: Copy STAR_unglue_it.ca-bundle
become: yes
copy:
src: certs/STAR_unglue_it.ca-bundle
dest: /etc/ssl/certs/STAR_unglue_it.ca-bundle
owner: "{{ user_name }}"
group: "{{ user_name }}"
mode: 0600
notify:
- restart apache
tags:
- certs
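Review bot: The second `acme_certificate` task ends its `fullchain_dest` value with a stray `"`, which YAML keeps as part of the plain scalar, so the full chain would be written to a path ending in a quote character rather than to `server-fullchain.crt`. The new ACME tasks and the unnamed `copy` also carry no `become`, `notify` or `tags`, unlike the key-copy task below them, so they may fail to write under `/etc/ssl/certs` and Apache would not be restarted after a renewal. Neither call sets `acme_directory`; confirm that the module default for the Ansible version in use is the production endpoint, since older releases defaulted to Let's Encrypt staging. As far as I can tell the relative `account_key_src` and `csr` paths are resolved on the managed host rather than in the role's files directory, so check that the account key exists there and is readable only by a privileged user. The fence shows the second task with the quote removed, a distinct name, and the missing keywords added.

```yaml
- name: Validate the challenge and retrieve the certificate
  become: yes
  acme_certificate:
    # … unchanged: account_key_src, csr, dest …
    fullchain_dest: /etc/ssl/certs/server-fullchain.crt
    data: "{{ acme_challenge }}"
  notify:
    - restart apache
  tags:
    - certs
```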


@ -25,7 +25,7 @@ SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/STAR_unglue_it.ca-bundle SSLCertificateChainFile /etc/ssl/certs/server.ca-bundle
#SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt #SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
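Review bot: `SSLCertificateChainFile` now points at `/etc/ssl/certs/server.ca-bundle`, but no task visible in this commit creates that file: the ACME tasks write `server.crt` and `server-fullchain.crt`, and the task that copied the old bundle is removed. Apache would likely refuse to start, or serve an incomplete chain, if that file is missing. I would point the configuration at what the playbook produces, for example `SSLCertificateFile /etc/ssl/certs/server-fullchain.crt` with the chain directive dropped (on Apache versions that accept a full chain there), or add `chain_dest: /etc/ssl/certs/server.ca-bundle` to the `acme_certificate` call. Separately, the `SSLProtocol All -SSLv2 -SSLv3` line shown in the hunk header still allows TLS 1.0 and 1.1. The enclosing virtual-host block starts and ends outside the hunk.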