certbot-dns-cloudflare/tasks/main.yaml
author Luke Hoersten <luke@hoersten.org>
Mon, 26 Jul 2021 16:08:03 -0500
changeset 175 5b2a3d2cce22
parent 174 431c6d5e5dd4
child 227 2e0366f2dcbe
permissions -rw-r--r--
Changing www root content does not require an nginx reload.

---

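# Install the certbot DNS-01 plugin for Cloudflare from the distro package.
- name: apt install dns cloudflare
  become: true
  apt:
    # Native YAML arguments instead of the key=value string form.
    name: "python3-certbot-dns-cloudflare"
    state: present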

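# Render the credentials file that the "run certbot" task passes to
# --dns-cloudflare-credentials. It is root-owned and mode 0600 so that only
# root can read it.
- name: configure cloudflare credentials
  become: true
  template:
    src: "cred.conf.j2"
    dest: "/etc/letsencrypt/cred.conf"
    mode: "0600"
    owner: "root"
    group: "root"
  # Keep the rendered content out of task output and --diff display.
  # NOTE(review): cred.conf.j2 is not shown here; presumably it carries the
  # Cloudflare API token. Confirm, and keep that variable in a vault.
  no_log: true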

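# Install the certbot renewal configuration for the managed domain.
- name: configure renewal
  become: true
  template:
    src: "{{ certbot_dns_cloudflare_conf }}"
    # The domain variable becomes part of the destination path.
    # NOTE(review): assumes it is a bare domain name with no path
    # separators; validate it where the variable is defined.
    dest: "/etc/letsencrypt/renewal/{{ certbot_dns_cloudflare_domain }}.conf"
    mode: "0644"
    owner: "root"
    group: "root"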

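# Record whether a certificate has already been issued for the domain; the
# result is registered as `cert` and gates the initial certbot run.
- name: check if cert exists
  become: true
  stat:
    # Native YAML arguments instead of the key=value string form.
    path: "/etc/letsencrypt/live/{{ certbot_dns_cloudflare_domain }}/cert.pem"
  register: cert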

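# Request the initial certificate via the Cloudflare DNS-01 plugin, only
# when no certificate exists yet for the domain.
- name: run certbot
  become: true
  command:
    # argv passes each element as exactly one argument, so the templated
    # domain cannot be word-split into extra certbot options.
    argv:
      - "certbot"
      - "certonly"
      - "-n"
      - "--dns-cloudflare"
      - "--dns-cloudflare-credentials"
      - "/etc/letsencrypt/cred.conf"
      - "-d"
      - "{{ certbot_dns_cloudflare_domain }}"
  when: not cert.stat.exists
  # NOTE(review): this reports "ok" even when a certificate is issued;
  # confirm that hiding the change is intended.
  changed_when: false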