forked from CCCHH/ansible-infra
		
	
		
			
				
	
	
		
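# Obtain (or keep) a Let's Encrypt certificate for the domain in `item` and
# record the certificate's end date before and after the certbot run.
# `item` is not defined in this file; presumably it comes from the caller's
# loop over the configured domains (TODO confirm).
#
# NOTE(review): `item` ends up in a path that is read with become (root) and
# in certbot's `-d` argument. Every command below uses `argv`, so a value
# containing whitespace or quotes stays a single argument instead of being
# re-split by the free-form command parser. The domain list should still be
# validated where it is defined (plain hostnames: no `/`, no `..`, no
# leading `-`).

- name: get expiry date before
  ansible.builtin.command:
    argv:
      - /usr/bin/openssl
      - x509
      - '-enddate'
      - '-noout'
      - '-in'
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  # Failure is tolerated here, presumably because fullchain.pem does not
  # exist before the first issuance (TODO confirm). In that case the
  # registered stdout is empty.
  ignore_errors: true
  become: true
  # Read-only query, never a change.
  changed_when: false
  register: certbot__cert_expiry_before

- name: obtain the certificate using certbot
  ansible.builtin.command:
    argv:
      - /usr/bin/certbot
      - certonly
      # Leave a certificate that is not yet due for renewal untouched.
      - '--keep-until-expiring'
      - '--agree-tos'
      - '--non-interactive'
      - '--email'
      - "{{ certbot__acme_account_email_address }}"
      - '--no-eff-email'
      # certbot serves the HTTP-01 challenge itself on port 31820.
      # Presumably a front-end web server forwards
      # /.well-known/acme-challenge/ to this port (TODO confirm).
      - '--standalone'
      - '--http-01-port'
      - '31820'
      - '-d'
      - "{{ item }}"
  become: true
  # Always reports "ok", even when a new certificate was issued. Nothing in
  # this file signals a renewal, so a service that has to reload the
  # certificate gets no change notification from here.
  changed_when: false

- name: get expiry date after
  ansible.builtin.command:
    argv:
      - /usr/bin/openssl
      - x509
      - '-enddate'
      - '-noout'
      - '-in'
      - "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
  # No ignore_errors here: a certificate that is still missing after the
  # certbot run fails the play.
  become: true
  changed_when: false
  register: certbot__cert_expiry_after

# Disabled: the change report below stopped working, cause unknown.
# TODO: Fix. It compares the two registered end dates so that a renewed
# certificate shows up as "changed".
# - name: potentially report changed
#   ansible.builtin.debug:
#     msg: "If this reports changed, then the certificate expiry date and therefore the certificate changed."
#   changed_when: certbot__cert_expiry_before.stdout != certbot__cert_expiry_after.stdout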