diff options
author | Egor Tensin <egor@tensin.name> | 2023-12-26 21:38:37 +0100 |
---|---|---|
committer | Egor Tensin <egor@tensin.name> | 2023-12-26 21:50:04 +0100 |
commit | ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0 (patch) | |
tree | 33f691d1c97153d01063fae8e925cf880df1e923 | |
parent | v2.0.1 (diff) | |
download | infra-ansible-ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0.tar.gz infra-ansible-ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0.zip |
letsencrypt: don't sort SANs
Sort them in the /etc status file only, for consistency. This should
allow users to supply the SANs in custom order, preserving the intended
main certificate domain (or whatever the technical term is).
-rw-r--r-- | roles/letsencrypt/tasks/domain.yml | 2 | ||||
-rw-r--r-- | roles/letsencrypt/templates/domain_list.txt.j2 | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml index bc6e581..0ff74e9 100644 --- a/roles/letsencrypt/tasks/domain.yml +++ b/roles/letsencrypt/tasks/domain.yml @@ -2,7 +2,7 @@ become: true vars: certificate_name: '{{ domain.name | default(domain) }}' - certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}" + certificate_domains: "{{ domain.domains | default([certificate_name]) | unique }}" block: - name: Cache domain list ansible.builtin.template: diff --git a/roles/letsencrypt/templates/domain_list.txt.j2 b/roles/letsencrypt/templates/domain_list.txt.j2 index d37e0bd..4641e2f 100644 --- a/roles/letsencrypt/templates/domain_list.txt.j2 +++ b/roles/letsencrypt/templates/domain_list.txt.j2 @@ -2,6 +2,6 @@ {{ letsencrypt_email }} {{ letsencrypt_credentials_ini }} -{% for domain in certificate_domains %} +{% for domain in certificate_domains | sort %} {{ domain }} {% endfor %} |