Deploy certs for keycloak-admin and id.ccchh.net using certbot role

inventories/z9/host_vars/keycloak.yaml

@@ -1,12 +1,11 @@
 docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'configs/keycloak/compose.yaml.j2') }}"
 docker_compose__configuration_files: [ ]
 
-cert__acme_account_email: j+letsencrypt-ccchh@jsts.xyz
+certbot__version_spec: ""
-cert__domains:
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
   - "id.ccchh.net"
   - "keycloak-admin.ccchh.net"
-cert__bind_9_host: authoritative-dns
-cert__bind_9_zone: ccchh.net
 
 nginx__version_spec: ""
 nginx__configurations:

inventories/z9/hosts.yaml

@@ -52,12 +52,12 @@ all:
     cert_hosts:
       hosts:
         esphome:
-        keycloak:
         wiki:
         engelsystem:
     certbot_hosts:
       hosts:
         zigbee2mqtt:
+        keycloak:
     ssh_server_config_hosts:
       hosts:
         keycloak:

playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf

@@ -15,10 +15,10 @@ server {
 
     server_name id.ccchh.net;
 
-    ssl_certificate /etc/ansible_certs/certs/id.ccchh.net/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/id.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/ansible_certs/certs/id.ccchh.net/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/id.ccchh.net/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/ansible_certs/certs/id.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/id.ccchh.net/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;

playbooks/files/configs/keycloak/nginx/keycloak-admin.ccchh.net.conf

@@ -7,10 +7,10 @@ server {
 
     server_name keycloak-admin.ccchh.net;
 
-    ssl_certificate /etc/ansible_certs/certs/keycloak-admin.ccchh.net/fullchain.pem;
+    ssl_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/fullchain.pem;
-    ssl_certificate_key /etc/ansible_certs/certs/keycloak-admin.ccchh.net/privkey.pem;
+    ssl_certificate_key /etc/letsencrypt/live/keycloak-admin.ccchh.net/privkey.pem;
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
-    ssl_trusted_certificate /etc/ansible_certs/certs/keycloak-admin.ccchh.net/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/chain.pem;
 
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;

playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf

@@ -8,6 +8,8 @@ map $host $upstream_acme_challenge_host {
     thinkcccore3.ccchh.net 10.31.242.6;
     wiki.ccchh.net 10.31.206.13;
     zigbee2mqtt.ccchh.net 10.31.208.25:31820;
+    id.ccchh.net 10.31.206.12:31820;
+    keycloak-admin.ccchh.net 10.31.206.12:31820;
     default "";
 }