author | Luke Hoersten <luke@hoersten.org> |
Sat, 20 Jul 2024 10:22:38 -0500 | |
changeset 233 | abc2c5c417a7 |
parent 227 | 2e0366f2dcbe |
permissions | -rw-r--r-- |
133
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
1 |
--- |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
2 |
|
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
3 |
- name: apt install dns cloudflare |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
4 |
become: yes |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
5 |
apt: name="python3-certbot-dns-cloudflare" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
6 |
|
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
7 |
- name: configure cloudflare credentials |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
8 |
become: yes |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
9 |
template: |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
10 |
src: "cred.conf.j2" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
11 |
dest: "/etc/letsencrypt/cred.conf" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
12 |
mode: "0600" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
13 |
owner: "root" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
14 |
group: "root" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
15 |
|
227
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
16 |
- name: make renewal dir |
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
17 |
become: yes |
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
18 |
file: |
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
19 |
path: "/etc/letsencrypt/renewal/" |
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
20 |
state: "directory" |
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
21 |
|
133
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
22 |
- name: configure renewal |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
23 |
become: yes |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
24 |
template: |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
25 |
src: "{{certbot_dns_cloudflare_conf}}" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
26 |
dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
27 |
mode: "0644" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
28 |
owner: "root" |
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
29 |
group: "root" |
174 | 30 |
|
31 |
- name: check if cert exists |
|
32 |
become: yes |
|
227
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
33 |
stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}-0001/cert.pem" |
174 | 34 |
register: cert |
35 |
||
36 |
- name: run certbot |
|
37 |
become: yes |
|
227
2e0366f2dcbe
Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents:
174
diff
changeset
|
38 |
command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\"" |
174 | 39 |
when: not cert.stat.exists |
40 |
changed_when: false |