certbot-dns-cloudflare/tasks/main.yaml
author Luke Hoersten <luke@hoersten.org>
Sat, 10 Feb 2024 15:45:13 -0600
changeset 231 e3ebf2a606ea
parent 227 2e0366f2dcbe
permissions -rw-r--r--
Added paste limits
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
133
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     1
---
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     2
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     3
- name: apt install dns cloudflare
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     4
  become: yes
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     5
  apt: name="python3-certbot-dns-cloudflare"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     6
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     7
- name: configure cloudflare credentials
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     8
  become: yes
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     9
  template:
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    10
    src: "cred.conf.j2"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    11
    dest: "/etc/letsencrypt/cred.conf"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    12
    mode: "0600"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    13
    owner: "root"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    14
    group: "root"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    15
227
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    16
- name: make renewal dir
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    17
  become: yes
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    18
  file:
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    19
    path: "/etc/letsencrypt/renewal/"
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    20
    state: "directory"
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    21
133
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    22
- name: configure renewal
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    23
  become: yes
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    24
  template:
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    25
    src: "{{certbot_dns_cloudflare_conf}}"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    26
    dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    27
    mode: "0644"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    28
    owner: "root"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    29
    group: "root"
174
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    30
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    31
- name: check if cert exists
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    32
  become: yes
227
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    33
  stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}-0001/cert.pem"
174
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    34
  register: cert
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    35
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    36
- name: run certbot
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    37
  become: yes
227
2e0366f2dcbe Tons of updates to fix migration to new server.
Luke Hoersten <luke@hoersten.org>
parents: 174
diff changeset
    38
  command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\""
174
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    39
  when: not cert.stat.exists
431c6d5e5dd4 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 133
diff changeset
    40
  changed_when: false