Diffstat (limited to 'roles/letsencrypt')
-rw-r--r-- | roles/letsencrypt/tasks/domain.yml | 52 | ||||
-rw-r--r-- | roles/letsencrypt/tasks/main.yml | 2 |
2 files changed, 26 insertions, 28 deletions
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index 13717ef..d3cb50a 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -1,30 +1,26 @@
-- name: Set certificate name
- ansible.builtin.set_fact:
- certificate_name: '{{ item.name | default(item) }}'
-
-- name: Set certificate domains
- ansible.builtin.set_fact:
- certificate_domains: "{{ item.domains | default([certificate_name]) | sort | unique }}"
-
-- name: Cache domain list
+- name: Set up certificate for domain
 become: true
- ansible.builtin.template:
- src: domain_list.txt
- dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
- owner: root
- group: root
- mode: '640'
- register: domain_list
+ vars:
+ certificate_name: '{{ domain.name | default(domain) }}'
+ certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+ block:
+ - name: Cache domain list
+ ansible.builtin.template:
+ src: domain_list.txt
+ dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
+ owner: root
+ group: root
+ mode: '640'
+ register: domain_list

-- name: 'Create certificate: {{ certificate_name }}'
- become: true
- ansible.builtin.command: |
- certbot certonly --noninteractive --agree-tos \
- --cert-name '{{ certificate_name }}' \
- --email '{{ certbot_email }}' \
- --domains '{{ certificate_domains | join(',') }}' \
- --preferred-challenges dns \
- --dns-digitalocean \
- --dns-digitalocean-credentials '{{ certbot_ini }}' \
- --dns-digitalocean-propagation-seconds 30
- when: domain_list.changed
+ - name: 'Create certificate: {{ certificate_name }}'
+ ansible.builtin.command: |
+ certbot certonly --noninteractive --agree-tos \
+ --cert-name '{{ certificate_name }}' \
+ --email '{{ certbot_email }}' \
+ --domains '{{ certificate_domains | join(',') }}' \
+ --preferred-challenges dns \
+ --dns-digitalocean \
+ --dns-digitalocean-credentials '{{ certbot_ini }}' \
+ --dns-digitalocean-propagation-seconds 30
+ when: domain_list.changed
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index a4160d7..a1761a5 100644
--- a/roles/letsencrypt/tasks/main.yml
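Review bot: A failed `certbot certonly` run is never retried, because `Cache domain list` has already written the `.domains_{{ certificate_name }}.txt` file and the next play sees `domain_list.changed` as false, so `Create certificate` is skipped. Now that both tasks sit in one `block:`, a `rescue:` section can remove the cache file and then fail the host, so the following run attempts issuance again instead of silently leaving the host without the certificate. The rescue would also fire when the template task itself fails; that should only cost one extra certbot invocation on the next run.

```yaml
# … unchanged: become, vars and the two tasks under block …
  rescue:
    - name: Drop cached domain list so the next run retries
      ansible.builtin.file:
        path: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
        state: absent

    - name: Keep the failure visible
      ansible.builtin.fail:
        msg: 'Certificate setup failed for {{ certificate_name }}'
```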
+++ b/roles/letsencrypt/tasks/main.yml
@@ -13,3 +13,5 @@
 - name: Update certificates
 ansible.builtin.include_tasks: domain.yml
 loop: '{{ letsencrypt_domains }}'
+ loop_control:
+ loop_var: domain |
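Review bot: `domain` is a very generic name for `loop_var`; an inventory or play variable that is also called `domain` would presumably be hidden inside domain.yml while the include runs, and the name does not show which role owns it. A role-prefixed name such as `loop_var: letsencrypt_domain`, with the references in domain.yml renamed to match, avoids the clash. Because the items may be mappings, adding `label: '{{ letsencrypt_domain.name | default(letsencrypt_domain) }}'` under `loop_control` would also limit the per-item loop output to the certificate name.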