From f0c5c2b2651c77e5bdd0e7ad41e10fc046197472 Mon Sep 17 00:00:00 2001
From: julian
Date: Wed, 2 Aug 2023 22:46:01 +0200
Subject: [PATCH] Convert certbot role to use standalone instead of webroot

Do this to not have dependencies on an NGINX setup. With those dependencies in place setting up the certificates initially would be quite painful, since a half-configured NGINX would need to be there for the challenge and then only after the certificates are present, the full NGINX configuration could be deployed successfully.
---
 playbooks/roles/certbot/tasks/main/cert.yaml | 2 +-
 playbooks/roles/certbot/tasks/main/certs.yaml | 9 ---------
 2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/playbooks/roles/certbot/tasks/main/cert.yaml b/playbooks/roles/certbot/tasks/main/cert.yaml
index cea35e6..5529f80 100644
--- a/playbooks/roles/certbot/tasks/main/cert.yaml
+++ b/playbooks/roles/certbot/tasks/main/cert.yaml
@@ -6,7 +6,7 @@
 register: certbot__cert_expiry_before
 - name: obtain the certificate using certbot
- ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --webroot --webroot-path /webroot-for-acme-challenge -d "{{ item }}"
+ ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}"
 become: true
 changed_when: false
diff --git a/playbooks/roles/certbot/tasks/main/certs.yaml b/playbooks/roles/certbot/tasks/main/certs.yaml
index 7c03b10..2b91184 100644
--- a/playbooks/roles/certbot/tasks/main/certs.yaml
+++ b/playbooks/roles/certbot/tasks/main/certs.yaml
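Review bot: The added `--standalone --http-01-port 31820` in cert.yaml only changes the port certbot listens on; the ACME server still connects to port 80 for HTTP-01, so this task depends on something outside the role forwarding port 80 to 31820, which is neither visible in the diff nor documented. Because 31820 is an unprivileged port, a permanent forward would presumably let any local process bind it while certbot is not running and answer challenges for these domains, so the forward should be limited to issuance time or the listener kept on a privileged port. I would replace the literal with a role variable (name is a suggestion), `--standalone --http-01-port "{{ certbot__http_01_port }}"`, and add a comment above the task such as `# public port 80 must be forwarded to certbot__http_01_port; HTTP-01 validation always arrives on port 80`. The task continues past the end of the hunk.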
@@ -1,12 +1,3 @@
-- name: ensure directory for the webroot exists
- ansible.builtin.file:
- path: /webroot-for-acme-challenge/
- state: directory
- mode: "0755"
- owner: root
- group: root
- become: true
-
 - name: obtain certificates
 loop: "{{ certbot__certificate_domains }}"
 ansible.builtin.include_tasks: