certbot-dns-cloudflare/tasks/main.yaml
author Luke Hoersten <luke@hoersten.org>
Sun, 21 Jan 2024 15:58:58 -0600
changeset 226 ce33bf94045f
parent 174 431c6d5e5dd4
child 227 2e0366f2dcbe
permissions -rw-r--r--
Added optional admin-local DNS bypass.
---
# Install the certbot DNS-01 plugin for Cloudflare from the distribution's
# package repository.
- name: apt install dns cloudflare
  become: true
  apt:
    name: "python3-certbot-dns-cloudflare"
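# Render the Cloudflare credentials file that certbot is later pointed at with
# --dns-cloudflare-credentials. It is owned by root and readable by root only
# (0600), since anyone who can read it can act on the DNS zone with those
# credentials.
- name: configure cloudflare credentials
  become: yes
  # The template module prints old/new file content when the play runs with
  # --diff; suppress that for this task so the rendered credentials never reach
  # the console or a CI log.
  diff: no
  template:
    src: "cred.conf.j2"
    dest: "/etc/letsencrypt/cred.conf"
    mode: "0600"
    owner: "root"
    group: "root"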
# Install the certbot renewal configuration for the managed domain. The source
# template is selected by certbot_dns_cloudflare_conf; the result is
# world-readable (0644) and owned by root.
# NOTE(review): certbot_dns_cloudflare_domain is interpolated into the
# destination path; presumably it is a plain hostname with no path
# separators. Confirm where the variable is defined.
- name: configure renewal
  become: true
  template:
    src: "{{certbot_dns_cloudflare_conf}}"
    dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
    owner: "root"
    group: "root"
    mode: "0644"
# Probe for an already-issued certificate for the domain and keep the result in
# `cert`, which the "run certbot" task uses to decide whether to request one.
- name: check if cert exists
  become: true
  stat:
    path: "/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
  register: cert
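# Request the initial certificate through the Cloudflare DNS-01 plugin, but
# only when the earlier stat found no cert.pem for the domain. The credentials
# are handed to certbot as a file path, so the secret itself never appears in
# the process arguments.
- name: run certbot
  become: yes
  command:
    # argv form: each element reaches certbot as exactly one argument, so a
    # domain value containing whitespace cannot be split into extra options,
    # as it would be by the free-form string.
    argv:
      - "certbot"
      - "certonly"
      - "-n"
      - "--dns-cloudflare"
      - "--dns-cloudflare-credentials"
      - "/etc/letsencrypt/cred.conf"
      - "-d"
      - "{{certbot_dns_cloudflare_domain}}"
  when: not cert.stat.exists
  # No `changed_when: false` here: the guard above means this task only runs
  # when a certificate is actually issued, and that should be reported as a
  # change in the play recap instead of being hidden.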