Use Certbot naming for certificate files

julian 2023-05-01 00:18:59 +02:00
parent 29cb9f941c
commit 1a0636307b
2 changed files with 5 additions and 4 deletions


@ -22,3 +22,4 @@ The `hosts` for this role need to be the machines on which you want to have the
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>


@ -27,7 +27,7 @@
- name: Ensure private key for certificate exists
community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
size: 4096
type: RSA
owner: "{{ cert__owner }}"
@ -38,7 +38,7 @@
- name: Ensure certificate signing request is created
community.crypto.openssl_csr:
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
common_name: "{{ item }}"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
@ -164,10 +164,10 @@
become: true
register: cert__fullchain_slurp
- name: Ensure ca.pem is created
- name: Ensure chain.pem is created
ansible.builtin.copy:
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
dest: "/etc/ansible_certs/certs/{{ item }}/ca.pem"
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
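Review bot: On hosts where this role has already run, the rename leaves the old `key.pem` and `ca.pem` in place, because none of the visible hunks removes or moves them. Since `community.crypto.openssl_privatekey` creates a key when its `path` does not exist, the first run after this change will presumably generate a new key at `privkey.pem` (and so a new CSR and certificate), while the previous private key stays on disk unmanaged. Services still pointing at the old file names would keep loading the stale key and chain without any error. I would either move the existing files to the new names before the key task, or add an `ansible.builtin.file` task with `state: absent` for the two old names and say in the README that the key is rotated on upgrade. The task file continues outside these hunks, so this may already be handled there.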