Use cert role to deploy a valid certificate for esphome.ccchh.net

This commit is contained in:
yuri 2023-05-09 21:02:32 +02:00
parent ca3a30360f
commit 78023f5198
No known key found for this signature in database
GPG key ID: E646779AC54AEC64
3 changed files with 15 additions and 3 deletions

View file

@ -1,4 +1,11 @@
esphome__version: "2023.3.2"
cert__acme_account_email: jannes+letsencrypt-ccchh@grzb.de
cert__domains:
- "esphome.ccchh.net"
cert__bind_9_host: authoritative-dns
cert__bind_9_zone: ccchh.net
cert__handlers:
- Restart `nginx.service`
nginx__version_spec: ""
nginx__configurations:
- name: esphome

View file

@ -4,4 +4,5 @@
hosts: esphome
roles:
- esphome
- cert
- nginx

View file

@ -7,10 +7,14 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
server_name esphome.ccchh.net;
server_name esphome.z9;
ssl_certificate /etc/ansible_certs/certs/esphome.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/ansible_certs/certs/esphome.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ansible_certs/certs/esphome.ccchh.net/chain.pem;
add_header Strict-Transport-Security "max-age=63072000" always;
location / {
proxy_set_header Host $host;