Use Certbot naming for certificate files
This commit is contained in:
julian
parent
29cb9f941c
commit
1a0636307b
|
|
@ -22,3 +22,4 @@ The `hosts` for this role need to be the machines on which you want to have the
|
|||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/acme_certificate_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_privatekey_module.html>
|
||||
- <https://docs.ansible.com/ansible/7/collections/community/crypto/openssl_csr_module.html>
|
||||
- <https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates>
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
- name: Ensure private key for certificate exists
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
size: 4096
|
||||
type: RSA
|
||||
owner: "{{ cert__owner }}"
|
||||
|
|
@ -38,7 +38,7 @@
|
|||
- name: Ensure certificate signing request is created
|
||||
community.crypto.openssl_csr:
|
||||
path: "/etc/ansible_certs/certs/{{ item }}/csr.pem"
|
||||
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/key.pem"
|
||||
privatekey_path: "/etc/ansible_certs/certs/{{ item }}/privkey.pem"
|
||||
common_name: "{{ item }}"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
|
|
@ -164,10 +164,10 @@
|
|||
become: true
|
||||
register: cert__fullchain_slurp
|
||||
|
||||
- name: Ensure ca.pem is created
|
||||
- name: Ensure chain.pem is created
|
||||
ansible.builtin.copy:
|
||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/ca.pem"
|
||||
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
|
|
|
|||
Loading…
Reference in a new issue