julian
f0c5c2b265
Do this to avoid depending on an NGINX setup. With those dependencies in place, setting up the certificates initially would be quite painful: a half-configured NGINX would need to be there for the challenge, and only after the certificates are present could the full NGINX configuration be deployed successfully.
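# Record the current certificate's expiry (openssl's -enddate output) so a later
# task can tell whether certbot replaced the certificate.
# `item` is presumably a plain domain name supplied by the including loop
# (not visible here); it is interpolated into a path that is read as root.
- name: get expiry date before
  ansible.builtin.command:
    # argv hands every element to openssl as exactly one argument: no shell is
    # involved and the templated path is never split on whitespace.
    argv:
      - /usr/bin/openssl
      - x509
      - '-enddate'
      - '-noout'
      - '-in'
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  become: true
  # Read-only query; it must never count as a change.
  changed_when: false
  # On the first run the certificate file does not exist yet, so a failure is
  # expected here.
  # NOTE(review): this also hides unrelated failures such as a missing openssl
  # binary; the comparison task then sees an empty "before" value.
  ignore_errors: true
  register: certbot__cert_expiry_before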
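# Request (or keep) the certificate for `item` with certbot's standalone
# HTTP-01 authenticator, so no web server has to be configured beforehand.
- name: obtain the certificate using certbot
  ansible.builtin.command:
    # argv keeps the templated e-mail address and domain as single arguments;
    # nothing is parsed by a shell or split on whitespace.
    argv:
      - /usr/bin/certbot
      - certonly
      # Leave an existing certificate untouched unless it is due for renewal.
      - '--keep-until-expiring'
      - '--agree-tos'
      - '--non-interactive'
      - '--email'
      - "{{ certbot__acme_account_email_address }}"
      - '--no-eff-email'
      # certbot starts its own temporary listener for the challenge.
      - '--standalone'
      # Only the local listening port changes; the CA still connects to port 80.
      # NOTE(review): something outside this file has to forward 80 -> 31820,
      # and 31820 should not be reachable more widely than needed - confirm.
      - '--http-01-port'
      - '31820'
      - '-d'
      - "{{ item }}"
  become: true
  # Always reported as unchanged here; the comparison task at the end of this
  # file reports the change instead. Failures are not ignored, so a failed
  # issuance still fails the task.
  changed_when: false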
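# Read the expiry again after certbot ran. Unlike the "before" lookup, errors
# are not ignored: at this point the certificate file is expected to exist.
- name: get expiry date after
  ansible.builtin.command:
    # argv hands every element to openssl as exactly one argument: no shell is
    # involved and the templated path is never split on whitespace.
    argv:
      - /usr/bin/openssl
      - x509
      - '-enddate'
      - '-noout'
      - '-in'
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  become: true
  # Read-only query; it must never count as a change.
  changed_when: false
  register: certbot__cert_expiry_after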
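# Surface "changed" for the whole certificate step: the debug task itself does
# nothing, its changed state is derived from the two registered expiry lookups.
- name: potentially report changed
  ansible.builtin.debug:
    msg: "If this reports changed, then the certificate expiry date and therefore the certificate changed."
  # default('') keeps the comparison from erroring when a registered result
  # carries no stdout key (for example a skipped lookup in check mode on some
  # Ansible versions - confirm). A failed "before" lookup yields an empty
  # value, so a first-time issuance is reported as changed.
  changed_when: >-
    (certbot__cert_expiry_before.stdout | default(''))
    != (certbot__cert_expiry_after.stdout | default(''))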