Convert certbot role to use standalone instead of webroot

Do this to avoid depending on an NGINX setup.
With that dependency in place, setting up the certificates initially
would be quite painful: a half-configured NGINX would need to be
there for the challenge, and only after the certificates are
present could the full NGINX configuration be deployed successfully.
June 2023-08-02 22:46:01 +02:00 committed by julian
parent 5341f9dfba
commit f0c5c2b265
2 changed files with 1 additions and 10 deletions


@ -6,7 +6,7 @@
register: certbot__cert_expiry_before
- name: obtain the certificate using certbot
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --webroot --webroot-path /webroot-for-acme-challenge -d "{{ item }}"
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}"
become: true
changed_when: false
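Review bot: The `--http-01-port 31820` on the new certbot line only changes the port certbot itself listens on; the ACME server still connects to port 80 for HTTP-01 validation, so issuance depends on something on the host forwarding the challenge requests from port 80 to 31820, and nothing visible in this commit provides or documents that. I would add a comment above the task such as `# HTTP-01 validation arrives on port 80; a proxy or firewall rule must forward it to the standalone listener on 31820`, and consider reading the port from a role variable rather than hard-coding it. Separately, the templated e-mail address and domain are spliced into a single command string, so using the `argv:` form of `ansible.builtin.command` would keep a value containing spaces or quotes from being split into extra certbot arguments.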


@ -1,12 +1,3 @@
- name: ensure directory for the webroot exists
ansible.builtin.file:
path: /webroot-for-acme-challenge/
state: directory
mode: "0755"
owner: root
group: root
become: true
- name: obtain certificates
loop: "{{ certbot__certificate_domains }}"
ansible.builtin.include_tasks: