Convert certbot role to use standalone instead of webroot
Do this to not have dependencies on an NGINX setup. With those dependencies in place setting up the certificates initially would be quite painful, since a half-configured NGINX would need to be there for the challenge and then only after the certificates are present, the full NGINX configuration could be deployed successfully.
This commit is contained in:
parent
5341f9dfba
commit
f0c5c2b265
|
@ -6,7 +6,7 @@
|
|||
register: certbot__cert_expiry_before
|
||||
|
||||
- name: obtain the certificate using certbot
|
||||
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --webroot --webroot-path /webroot-for-acme-challenge -d "{{ item }}"
|
||||
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}"
|
||||
become: true
|
||||
changed_when: false
|
||||
|
||||
|
|
|
@ -1,12 +1,3 @@
|
|||
- name: ensure directory for the webroot exists
|
||||
ansible.builtin.file:
|
||||
path: /webroot-for-acme-challenge/
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
||||
- name: obtain certificates
|
||||
loop: "{{ certbot__certificate_domains }}"
|
||||
ansible.builtin.include_tasks:
|
||||
|
|
Loading…
Reference in a new issue