ansible-roles: certbot-dns-cloudflare/tasks/main.yaml@f3f30ba5580e (annotated)

133 effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	1	---
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	2
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	3	- name: apt install dns cloudflare
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	4	become: yes
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	5	apt: name="python3-certbot-dns-cloudflare"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	6
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	7	- name: configure cloudflare credentials
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	8	become: yes
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	9	template:
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	10	src: "cred.conf.j2"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	11	dest: "/etc/letsencrypt/cred.conf"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	12	mode: "0600"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	13	owner: "root"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	14	group: "root"
effd8e58a796 Added certbot dns cloudflare role. Useful for when ISP blocks port 80. Luke Hoersten <luke@hoersten.org> parents: diff changeset	15
243 f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	16	# - name: make renewal dir
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	17	# become: yes
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	18	# file:
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	19	# path: "/etc/letsencrypt/renewal/"
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	20	# state: "directory"
227 2e0366f2dcbe Tons of updates to fix migration to new server. Luke Hoersten <luke@hoersten.org> parents: 174 diff changeset	21
243 f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	22	## I dont think this is needed anymore. I think it get's installed automatically now.
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	23	# - name: configure renewal
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	24	# become: yes
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	25	# template:
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	26	# src: "letsencrypt.conf.j2"
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	27	# dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	28	# mode: "0644"
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	29	# owner: "root"
f3f30ba5580e More cert fixes. Luke Hoersten <luke@hoersten.org> parents: 242 diff changeset	30	# group: "root"
174 431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	31
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	32	- name: check if cert exists
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	33	become: yes
242 e7083ad5c365 Fixed an error with overwriting certbot certs. Luke Hoersten <luke@hoersten.org> parents: 227 diff changeset	34	stat: path="/etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem"
174 431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	35	register: cert
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	36
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	37	- name: run certbot
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	38	become: yes
242 e7083ad5c365 Fixed an error with overwriting certbot certs. Luke Hoersten <luke@hoersten.org> parents: 227 diff changeset	39	command: "certbot certonly -n --agree-tos --email {{certbot_dns_cloudflare_email}} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cred.conf --cert-name {{certbot_dns_cloudflare_domain}} -d {{certbot_dns_cloudflare_domain}} -d \"*.{{certbot_dns_cloudflare_domain}}\""
174 431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	40	when: not cert.stat.exists
431c6d5e5dd4 Lots of updates. Luke Hoersten <luke@hoersten.org> parents: 133 diff changeset	41	changed_when: false

author	Luke Hoersten <luke@hoersten.org>
	Thu, 29 May 2025 21:34:48 -0500
changeset 243	f3f30ba5580e
parent 242	e7083ad5c365
permissions	-rw-r--r--