# HG changeset patch
# User Luke Hoersten
# Date 1748572488 18000
# Node ID f3f30ba5580e67b4942f48c80fa6fbb312c71f1a
# Parent e7083ad5c365e5bd4c8e9c251aaf80d5d4f8f8de
More cert fixes.
diff -r e7083ad5c365 -r f3f30ba5580e certbot-dns-cloudflare/tasks/main.yaml
--- a/certbot-dns-cloudflare/tasks/main.yaml Thu May 29 20:01:29 2025 -0500
+++ b/certbot-dns-cloudflare/tasks/main.yaml Thu May 29 21:34:48 2025 -0500
@@ -13,20 +13,21 @@
 owner: "root"
 group: "root"

-- name: make renewal dir
- become: yes
- file:
- path: "/etc/letsencrypt/renewal/"
- state: "directory"
+# - name: make renewal dir
+# become: yes
+# file:
+# path: "/etc/letsencrypt/renewal/"
+# state: "directory"

-- name: configure renewal
- become: yes
- template:
- src: "{{certbot_dns_cloudflare_conf}}"
- dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
- mode: "0644"
- owner: "root"
- group: "root"
+## I dont think this is needed anymore. I think it get's installed automatically now.
+# - name: configure renewal
+# become: yes
+# template:
+# src: "letsencrypt.conf.j2"
+# dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
+# mode: "0644"
+# owner: "root"
+# group: "root"

 - name: check if cert exists
 become: yes
diff -r e7083ad5c365 -r f3f30ba5580e certbot-dns-cloudflare/templates/letsencrypt.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2 Thu May 29 21:34:48 2025 -0500
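Review bot: The two renewal tasks are disabled by commenting them out rather than deleted, and the remark above the second block (`## I dont think this is needed anymore. ...`) records a guess instead of a verified reason. Version control already keeps the old tasks, so I would remove both blocks and leave one line stating the confirmed behaviour, e.g. `# renewal config under /etc/letsencrypt/renewal/ is written by certbot on first issuance`, once that has been checked on a fresh host. As committed, the new `letsencrypt.conf.j2` template (added in the next file of this changeset) is referenced only from the commented-out `src:` line, so it is never rendered, and `certbot_dns_cloudflare_conf` appears to lose its only use here. The task list continues outside the hunk.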
@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 2.9.0
+archive_dir = /etc/letsencrypt/archive/{{certbot_dns_cloudflare_domain}}
+cert = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem
+privkey = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/privkey.pem
+chain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/chain.pem
+fullchain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = {{certbot_account}}
+authenticator = dns-cloudflare
+dns_cloudflare_credentials = /etc/letsencrypt/cred.conf
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
diff -r e7083ad5c365 -r f3f30ba5580e prosody/templates/prosody.sh.j2
--- a/prosody/templates/prosody.sh.j2 Thu May 29 20:01:29 2025 -0500
+++ b/prosody/templates/prosody.sh.j2 Thu May 29 21:34:48 2025 -0500
@@ -1,3 +1,3 @@
 #! /bin/bash
-prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/fullchain.pem
+prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/
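Review bot: `dns_cloudflare_credentials = /etc/letsencrypt/cred.conf` hard-codes where the Cloudflare API credentials live, while the task that deploys that file is outside this diff, so the two paths can drift apart without any error until a renewal fails. I would take the path from the same variable the deploying task uses, and confirm that task sets `mode: "0600"` with `owner: "root"`, because the file holds a credential that can edit the zone's DNS records. `version = 2.9.0` and the `server` URL are pinned in the same way and deserve a short header comment such as `# mirrors the renewal file certbot generates; keep in sync with the installed certbot`.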
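Review bot: The `{{prosody_vhost}}` expansions on the new `prosodyctl` line are unquoted, so the rendered script depends on the variable never containing whitespace or shell metacharacters. Quoting both arguments costs nothing: `prosodyctl --root cert import "{{prosody_vhost}}" "/etc/letsencrypt/live/{{prosody_vhost}}/"`. Since the argument now names the whole `live/` directory rather than `fullchain.pem`, a one-line comment above it such as `# pass the directory; prosodyctl looks up the cert and key for the vhost inside it` would record why the file name was dropped.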