path: root/roles/letsencrypt/tasks/domain.yml
blob: bc6e58101e5b99639cf211ccb1be5863da3cea49 (plain) (tree)
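# Issue (or re-issue) a Let's Encrypt certificate for one `domain` entry using
# certbot's DigitalOcean DNS-01 plugin.
#
# Inputs read by this block:
#   domain                      - a plain string, or a mapping with `name` and
#                                 an optional `domains` list (presumably the
#                                 loop variable of the including task; confirm
#                                 against the caller).
#   letsencrypt_email           - account e-mail passed to certbot.
#   letsencrypt_credentials_ini - path to the DigitalOcean credentials file.
#
# certbot only runs when the rendered domain list changes, so the cached list
# acts as the "already issued" marker for this certificate.
- name: Set up certificate for domain
  become: true
  vars:
    certificate_name: '{{ domain.name | default(domain) }}'
    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
    # NOTE(review): certificate_name is interpolated into a path under
    # /etc/letsencrypt; inventory values should not contain '/' or '..'.
    certificate_domains_cache: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
  block:
    - name: Cache domain list
      ansible.builtin.template:
        src: domain_list.txt.j2
        dest: '{{ certificate_domains_cache }}'
        owner: root
        group: root
        # Same permissions as the previous '640', written with the leading
        # zero so the octal intent is explicit.
        mode: '0640'
      register: domain_list

    - name: 'Create certificate: {{ certificate_name }}'
      # argv hands each value to certbot as exactly one argument, so a quote
      # or space inside a templated value cannot split into extra options.
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - --noninteractive
          - --agree-tos
          - --cert-name
          - '{{ certificate_name }}'
          - --email
          - '{{ letsencrypt_email }}'
          - --domains
          - "{{ certificate_domains | join(',') }}"
          - --preferred-challenges
          - dns
          - --dns-digitalocean
          # The credentials file holds a DigitalOcean API token; it is managed
          # outside this block and should be root-owned with mode 0600
          # (certbot warns about looser permissions).
          - --dns-digitalocean-credentials
          - '{{ letsencrypt_credentials_ini }}'
          - --dns-digitalocean-propagation-seconds
          - '30'
      when: domain_list is changed

  rescue:
    # Without this, a failed certbot run leaves the freshly written cache in
    # place: the next run sees the template as unchanged, skips certbot, and
    # the certificate is never issued until the domain list changes again.
    - name: Drop cached domain list so the next run retries issuance
      ansible.builtin.file:
        path: '{{ certificate_domains_cache }}'
        state: absent
      when:
        - domain_list is defined
        - domain_list is changed

    # Re-raise so the host still fails, as it did before the rescue existed.
    - name: 'Report failed certificate setup: {{ certificate_name }}'
      ansible.builtin.fail:
        msg: 'Certificate setup failed for {{ certificate_name }}; see the failed task output above.'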