roles/letsencrypt/tasks/domain.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

- name: Set up certificate for domain
  become: true
  vars:
    certificate_name: '{{ domain.name | default(domain) }}'
    certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
  block:
    - name: Cache domain list
      ansible.builtin.template:
        src: domain_list.txt.j2
        dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
        owner: root
        group: root
        mode: '640'
      register: domain_list

    - name: 'Create certificate: {{ certificate_name }}'
      ansible.builtin.command: |
        certbot certonly --noninteractive --agree-tos \
            --cert-name '{{ certificate_name }}' \
            --email '{{ letsencrypt_email }}' \
            --domains '{{ certificate_domains | join(',') }}' \
            --preferred-challenges dns \
            --dns-digitalocean \
            --dns-digitalocean-credentials '{{ letsencrypt_credentials_ini }}' \
            --dns-digitalocean-propagation-seconds 30
      when: domain_list.changed