Use one ACME account key per host

This is nicer for us, since this avoids sharing a secret. Also put certificate directories in `certs` sub-directory for better organization.
2023-04-25 18:03:59 +02:00 · 2023-04-25 18:03:59 +02:00 · 4814ea8bda
commit 4814ea8bda
parent f9c51842fd
2 changed files with 43 additions and 33 deletions
--- a/playbooks/roles/cert/meta/argument_specs.yml
+++ b/playbooks/roles/cert/meta/argument_specs.yml
@ -18,19 +18,10 @@ argument_specs:
        required: false
        type: str
        default: root
-      cert__acme_account:
-        description: ACME account details
+      cert__acme_account_email:
+        description: E-Mail address for ACME account
        required: true
-        type: dict
-        options:
-          email:
-            description: E-mail address to send certificate expiary notifications to
-            required: true
-            type: str
-          key:
-            description: Private RSA or Elliptic Curve key of the ACME account
-            required: true
-            type: str
+        type: str
      cert__cloudflare_dns:
        description: Cloudflare DNS API details
        required: true