From e47d57ef4e5664940f553a9de7c6ee2b47e56255 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Wed, 9 Aug 2023 01:35:26 +0200 Subject: letsencrypt: update certificates on subdomain changes --- roles/letsencrypt/tasks/domain.yml | 17 +++++++++++++---- roles/letsencrypt/templates/domain_list.txt | 3 +++ 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 roles/letsencrypt/templates/domain_list.txt (limited to 'roles') diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml index 0b713cc..13717ef 100644 --- a/roles/letsencrypt/tasks/domain.yml +++ b/roles/letsencrypt/tasks/domain.yml @@ -4,7 +4,17 @@ - name: Set certificate domains ansible.builtin.set_fact: - certificate_domains: "{{ item.domains | default([certificate_name]) | join(',') }}" + certificate_domains: "{{ item.domains | default([certificate_name]) | sort | unique }}" + +- name: Cache domain list + become: true + ansible.builtin.template: + src: domain_list.txt + dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt' + owner: root + group: root + mode: '640' + register: domain_list - name: 'Create certificate: {{ certificate_name }}' become: true @@ -12,10 +22,9 @@ certbot certonly --noninteractive --agree-tos \ --cert-name '{{ certificate_name }}' \ --email '{{ certbot_email }}' \ - --domains '{{ certificate_domains }}' \ + --domains '{{ certificate_domains | join(',') }}' \ --preferred-challenges dns \ --dns-digitalocean \ --dns-digitalocean-credentials '{{ certbot_ini }}' \ --dns-digitalocean-propagation-seconds 30 - args: - creates: '/etc/letsencrypt/live/{{ certificate_name }}' + when: domain_list.changed diff --git a/roles/letsencrypt/templates/domain_list.txt b/roles/letsencrypt/templates/domain_list.txt new file mode 100644 index 0000000..8cd60f8 --- /dev/null +++ b/roles/letsencrypt/templates/domain_list.txt @@ -0,0 +1,3 @@ +{% for domain in certificate_domains %} +{{ domain }} +{% endfor %} -- cgit v1.2.3