From f50ffe6ab0ae8324a33dca5da5c8f0adb4a9881e Mon Sep 17 00:00:00 2001
From: eric
Date: Wed, 30 Jan 2019 13:36:35 -0500
Subject: [PATCH] WIP

---
 roles/regluit_prod/tasks/certs.yml | 46 ++++++++++++++++++++++++------
 roles/regluit_prod/tasks/main.yml | 6 ++--
 2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/roles/regluit_prod/tasks/certs.yml b/roles/regluit_prod/tasks/certs.yml
index e445f2c..8388ef3 100644
--- a/roles/regluit_prod/tasks/certs.yml
+++ b/roles/regluit_prod/tasks/certs.yml
@@ -2,37 +2,65 @@
 - name: Make sure account exists and has given contacts. We agree to TOS.
 acme_account:
- account_key_src: certs/account-key.pem
+ account_key_src: private/letsencrypt_account.key
+ acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
+ acme_version: 2
 state: present
 terms_agreed: yes
 contact:
- - mailto: support@ebookfoundation.org
+ - mailto:support@ebookfoundation.org
+ delegate_to: 127.0.0.1
 - name: Create a challenge for server_name using a account key file.
 acme_certificate:
- account_key_src: certs/account-key.pem
- csr: "certs/{{ server_name }}.csr"
+ account_key_src: private/letsencrypt_account.key
+ acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
+ acme_version: 2
+ csr: "private/{{ server_name }}.csr"
 dest: /etc/ssl/certs/server.crt
 fullchain_dest: /etc/ssl/certs/server-fullchain.crt
+ delegate_to: 127.0.0.1
 register: acme_challenge
+
+- name: Create .well-known directory
+ become: yes
+ file:
+ path: "/var/www/static/.well-known"
+ state: directory
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0755
+
+- name: Create acme-challenge directory
+ become: yes
+ file:
+ path: "/var/www/static/.well-known/acme-challenge"
+ state: directory
+ owner: "{{ user_name }}"
+ group: "{{ user_name }}"
+ mode: 0755
+
 - copy:
- dest: /var/www/static/lencrypt/{{ acme_challenge['challenge_data'][server_name]['http-01']['resource'] }}
+ dest: /var/www/static/{{ acme_challenge['challenge_data'][server_name]['http-01']['resource'] }}
 content: "{{ acme_challenge['challenge_data'][server_name]['http-01']['resource_value'] }}"
- when: acme_challenge is changed
+ when: acme_challenge is changed
 - name: Create a challenge for server_name using a account key file.
 acme_certificate:
- account_key_src: certs/account-key.pem
- csr: "certs/{{ server_name }}.csr"
+ account_key_src: private/letsencrypt_account.key
+ acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
+ acme_version: 2
+ csr: "private/{{ server_name }}.csr"
 dest: /etc/ssl/certs/server.crt
 fullchain_dest: /etc/ssl/certs/server-fullchain.crt"
 data: "{{ acme_challenge }}"
+ delegate_to: 127.0.0.1
 - name: Copy server key
 become: yes
 copy:
- src: certs/m.unglue.it.key
+ src: certs/{{ server_name }}.key
 dest: /etc/ssl/private/server.key
 owner: "{{ user_name }}"
 group: "{{ user_name }}"
diff --git a/roles/regluit_prod/tasks/main.yml b/roles/regluit_prod/tasks/main.yml
index 663937d..f6f90c1 100644
--- a/roles/regluit_prod/tasks/main.yml
+++ b/roles/regluit_prod/tasks/main.yml
@@ -98,12 +98,12 @@
 # - name: Run mysql tasks
 # import_tasks: mysql.yml
-- name: Run cert tasks
- import_tasks: certs.yml
-
 - name: Run apache tasks
 import_tasks: apache.yml
+- name: Run cert tasks
+ import_tasks: certs.yml
+
 - name: Run celery tasks
 import_tasks: celery.yml
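Review bot: Both `acme_certificate` tasks now carry `delegate_to: 127.0.0.1`, so their `dest: /etc/ssl/certs/server.crt` and `fullchain_dest:` paths are resolved on the control host rather than the target: the issued certificate lands in the controller's `/etc/ssl/certs` (with no `become`, which will likely fail on a non-root controller) and nothing in this hunk copies it to the server, unlike the private key handled by "Copy server key". I would write the ACME outputs next to the CSR (`dest: "private/{{ server_name }}.crt"`, `fullchain_dest: "private/{{ server_name }}-fullchain.crt"` in both tasks) and add a `copy` task with `become: yes` to install the chain on the host, which also retires the context line `fullchain_dest: /etc/ssl/certs/server-fullchain.crt"` whose stray trailing quote becomes part of the filename. Separately, `acme_directory` is hard-coded to the Let's Encrypt staging endpoint in all three tasks of a role named regluit_prod; the staging CA is not trusted by clients, so — presumably a WIP placeholder — it should come from a variable such as `acme_directory: "{{ acme_directory }}"` with a production v02 default so the staging URL cannot ship by accident. Minor: `mode: 0755` and `terms_agreed: yes` are safer as `mode: "0755"` and `terms_agreed: true`, and the validation task should also gate on `when: acme_challenge is changed` like the challenge copy does.
```yaml
- name: Create a challenge for server_name using a account key file.
  acme_certificate:
    # … unchanged: account_key_src / acme_directory / acme_version / csr …
    dest: "private/{{ server_name }}.crt"
    fullchain_dest: "private/{{ server_name }}-fullchain.crt"
    data: "{{ acme_challenge }}"
  delegate_to: 127.0.0.1
  when: acme_challenge is changed

- name: Copy issued certificate chain to the server
  become: yes
  copy:
    src: "private/{{ server_name }}-fullchain.crt"
    dest: /etc/ssl/certs/server-fullchain.crt
    owner: "{{ user_name }}"
    group: "{{ user_name }}"
    mode: "0644"
```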