Use Certbot naming for certificate files
parent
29cb9f941c
commit
1a0636307b
|
@ -22,3 +22,4 @@ The `hosts` for this role need to be the machines on which you want to have the
|
||||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
|
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
|
||||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
|
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
|
||||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
|
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
|
||||||
|
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
|
|
||||||
- name: Ensure private key for certificate exists
|
- name: Ensure private key for certificate exists
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
|
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||||
size: 4096
|
size: 4096
|
||||||
type: RSA
|
type: RSA
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
- name: Ensure certificate signing request is created
|
- name: Ensure certificate signing request is created
|
||||||
community.crypto.openssl_csr:
|
community.crypto.openssl_csr:
|
||||||
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||||
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
|
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||||
common_name: "{{ item }}"
|
common_name: "{{ item }}"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
|
@ -164,10 +164,10 @@
|
||||||
become: true
|
become: true
|
||||||
register: cert__fullchain_slurp
|
register: cert__fullchain_slurp
|
||||||
|
|
||||||
- name: Ensure ca.pem is created
|
- name: Ensure chain.pem is created
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||||
dest: "/etc/ansible_certs/certs/{{ item }}/ca.pem"
|
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
|
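Review bot: Pointing `path` and `privatekey_path` at `privkey.pem` without a migration step means `community.crypto.openssl_privatekey` will generate a fresh key on every host that already has `key.pem`, and the old `key.pem` stays on disk as unmanaged private key material. The same applies to the `ca.pem` to `chain.pem` rename in the last hunk: services still configured for the old names would keep reading files this role no longer refreshes. Consider either moving the existing files to the new names before these tasks run, or adding a cleanup task using `ansible.builtin.file` with `state: absent` for `key.pem` and `ca.pem` once consumers reference the new names. The new key will presumably also cause the CSR to be regenerated and the certificate to be re-issued, which is worth a line in the commit message because of ACME rate limits. The task bodies continue outside the hunks, so the key file's `mode` and the loop source are not visible here.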