CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 2
Code Issues 6 Pull requests 4 Wiki Activity Actions

Use Certbot naming for certificate files

Browse source
This commit is contained in:
julian 2023-05-01 00:18:59 +02:00
commit 1a0636307b
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
playbooks/roles/cert/README.md
View file

@ -22,3 +22,4 @@ The `hosts` for this role need to be the machines on which you want to have the
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>

8
playbooks/roles/cert/tasks/deploy_cert.yml
View file

@ -27,7 +27,7 @@
- name: Ensure private key for certificate exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
size: 4096
type: RSA
owner: "{{ cert__owner }}"
@ -38,7 +38,7 @@
- name: Ensure certificate signing request is created
community.crypto.openssl_csr:
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
common_name: "{{ item }}"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
@ -164,10 +164,10 @@
become: true
register: cert__fullchain_slurp
- name: Ensure ca.pem is created
- name: Ensure chain.pem is created
ansible.builtin.copy:
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
dest: "/etc/ansible_certs/certs/{{ item }}/ca.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"