aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorEgor Tensin <egor@tensin.name>2023-12-26 21:38:37 +0100
committerEgor Tensin <egor@tensin.name>2023-12-26 21:50:04 +0100
commitccfa4cb18d764ce2e4ef02545c829eaa0296ecf0 (patch)
tree33f691d1c97153d01063fae8e925cf880df1e923
parentv2.0.1 (diff)
downloadinfra-ansible-ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0.tar.gz
infra-ansible-ccfa4cb18d764ce2e4ef02545c829eaa0296ecf0.zip
letsencrypt: don't sort SANs
Sort them in the /etc status file only, for consistency. This should allow users to supply the SANs in custom order, preserving the intended main certificate domain (or whatever the technical term is).
-rw-r--r--roles/letsencrypt/tasks/domain.yml2
-rw-r--r--roles/letsencrypt/templates/domain_list.txt.j22
2 files changed, 2 insertions, 2 deletions
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index bc6e581..0ff74e9 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -2,7 +2,7 @@
become: true
vars:
certificate_name: '{{ domain.name | default(domain) }}'
- certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+ certificate_domains: "{{ domain.domains | default([certificate_name]) | unique }}"
block:
- name: Cache domain list
ansible.builtin.template:
diff --git a/roles/letsencrypt/templates/domain_list.txt.j2 b/roles/letsencrypt/templates/domain_list.txt.j2
index d37e0bd..4641e2f 100644
--- a/roles/letsencrypt/templates/domain_list.txt.j2
+++ b/roles/letsencrypt/templates/domain_list.txt.j2
@@ -2,6 +2,6 @@
{{ letsencrypt_email }}
{{ letsencrypt_credentials_ini }}
-{% for domain in certificate_domains %}
+{% for domain in certificate_domains | sort %}
{{ domain }}
{% endfor %}