author | Luke Hoersten <luke@hoersten.org> |
Mon, 30 Jan 2023 14:28:02 -0600 | |
changeset 207 | e16c94c81b53 |
parent 174 | 431c6d5e5dd4 |
child 227 | 2e0366f2dcbe |
permissions | -rw-r--r-- |
133
effd8e58a796
Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
---
# Install the certbot plugin that answers ACME challenges through Cloudflare DNS.
# The package comes from whatever apt sources the host already trusts.
- name: apt install dns cloudflare
  apt:
    name: "python3-certbot-dns-cloudflare"
  become: true
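# Render the Cloudflare credentials file that the "run certbot" task passes to
# certbot via --dns-cloudflare-credentials.
# The file is root-owned and 0600, so only root can read it on the host.
# NOTE(review): cred.conf.j2 is not shown here; it presumably carries the
# Cloudflare API token. Confirm the token is scoped to DNS edits on the one
# zone and is supplied from a vault or secret store rather than plain vars.
- name: configure cloudflare credentials
  become: true
  template:
    src: "cred.conf.j2"
    dest: "/etc/letsencrypt/cred.conf"
    mode: "0600"
    owner: "root"
    group: "root"
  # Keep the rendered secret out of task output, including --diff runs and
  # any callback or log aggregation that records task results.
  no_log: true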
# Install the renewal configuration for the domain from the template named by
# certbot_dns_cloudflare_conf.
# The result is world-readable (0644).
# NOTE(review): the template is not shown; confirm it only points at the
# credentials file and does not embed the token itself.
# NOTE(review): certbot_dns_cloudflare_domain is interpolated into a path under
# /etc/letsencrypt/renewal; it should be a bare hostname with no path separators.
- name: configure renewal
  template:
    src: "{{certbot_dns_cloudflare_conf}}"
    dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  become: true
# Record whether a certificate for the domain is already present; the result
# is registered as `cert` and gates the "run certbot" task.
# Only cert.pem is checked for existence, not its validity or expiry.
- name: check if cert exists
  stat:
    path: "/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
  become: true
  register: cert
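# Request the initial certificate non-interactively through the Cloudflare DNS
# plugin. Runs only when the stat task found no existing cert.pem.
- name: run certbot
  become: true
  command:
    # argv passes each element as exactly one argument, so whitespace in the
    # domain variable cannot be split into additional certbot options.
    argv:
      - 'certbot'
      - 'certonly'
      - '-n'
      - '--dns-cloudflare'
      - '--dns-cloudflare-credentials'
      - '/etc/letsencrypt/cred.conf'
      - '-d'
      - "{{certbot_dns_cloudflare_domain}}"
  when: not cert.stat.exists
  # NOTE(review): this task issues a certificate yet always reports
  # "unchanged"; kept as the author wrote it, but confirm that is intended.
  changed_when: false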