More cert fixes. default tip
authorLuke Hoersten <luke@hoersten.org>
Thu, 29 May 2025 21:34:48 -0500
changeset 243 f3f30ba5580e
parent 242 e7083ad5c365
More cert fixes.
certbot-dns-cloudflare/tasks/main.yaml
certbot-dns-cloudflare/templates/letsencrypt.conf.j2
prosody/templates/prosody.sh.j2
--- a/certbot-dns-cloudflare/tasks/main.yaml	Thu May 29 20:01:29 2025 -0500
+++ b/certbot-dns-cloudflare/tasks/main.yaml	Thu May 29 21:34:48 2025 -0500
@@ -13,20 +13,21 @@
     owner: "root"
     group: "root"
 
-- name: make renewal dir
-  become: yes
-  file:
-    path: "/etc/letsencrypt/renewal/"
-    state: "directory"
+# - name: make renewal dir
+#   become: yes
+#   file:
+#     path: "/etc/letsencrypt/renewal/"
+#     state: "directory"
 
-- name: configure renewal
-  become: yes
-  template:
-    src: "{{certbot_dns_cloudflare_conf}}"
-    dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
-    mode: "0644"
-    owner: "root"
-    group: "root"
+## I dont think this is needed anymore. I think it get's installed automatically now.
+# - name: configure renewal
+#   become: yes
+#   template:
+#     src: "letsencrypt.conf.j2"
+#     dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
+#     mode: "0644"
+#     owner: "root"
+#     group: "root"
 
 - name: check if cert exists
   become: yes
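Review bot: The comment added at L35 leaves the question open, and the answer decides whether this hunk is safe: certbot writes `/etc/letsencrypt/renewal/<domain>.conf` itself when `certonly` first succeeds, from the flags it was run with, and updates it on renewal — so the removed task was overwriting a certbot-managed file, and dropping it is correct. What it also means is that the renewal parameters the old template carried (`authenticator`, `dns_cloudflare_credentials`, `server`, `key_type`) now only take effect if they are passed on the certbot command line gated by the "check if cert exists" task that starts at L45 and continues outside the hunk; a cert obtained without `--dns-cloudflare-credentials /etc/letsencrypt/cred.conf` or `--key-type ecdsa` will renew without them, so confirm that invocation carries them. Delete the two commented-out blocks rather than keeping them (the repository history has them), and since nothing references `letsencrypt.conf.j2` once the `configure renewal` task is gone, the template this commit adds alongside should go too.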
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2	Thu May 29 21:34:48 2025 -0500
@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 2.9.0
+archive_dir = /etc/letsencrypt/archive/{{certbot_dns_cloudflare_domain}}
+cert = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem
+privkey = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/privkey.pem
+chain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/chain.pem
+fullchain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = {{certbot_account}}
+authenticator = dns-cloudflare
+dns_cloudflare_credentials = /etc/letsencrypt/cred.conf
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
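Review bot: This template is dead on arrival — the only task that rendered it (`configure renewal` in tasks/main.yaml) is commented out in the same commit — so either wire it back in or drop it; as it stands it documents renewal settings that nothing enforces. If it is kept, remove `version = 2.9.0`: that field records the certbot version that last wrote the file and certbot rewrites it on every renewal, so pinning it in a template just misstates the installed version. `dns_cloudflare_credentials` points at `/etc/letsencrypt/cred.conf`, which holds a Cloudflare API token; the certbot DNS plugins warn on a credentials file readable by group or others, so the task that installs it (its tail with `owner: "root"`/`group: "root"` is visible at the top of the first hunk, its `mode` is not) should set `mode: "0600"`. Minor: `{{certbot_account}}` is the one variable here without the `certbot_dns_cloudflare_` role prefix — rename for consistency with `certbot_dns_cloudflare_domain` and add a `# account id from /etc/letsencrypt/accounts/, not a secret` note so the next reader does not treat it as one.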
--- a/prosody/templates/prosody.sh.j2	Thu May 29 20:01:29 2025 -0500
+++ b/prosody/templates/prosody.sh.j2	Thu May 29 21:34:48 2025 -0500
@@ -1,3 +1,3 @@
 #! /bin/bash
 
-prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/fullchain.pem
+prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/
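Review bot: The documented form of `prosodyctl cert import` takes the directory that contains the per-host directories — `prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live` — and it then searches `<dir>/<host>/fullchain.pem` and `privkey.pem`; whether the per-host directory itself, which the new line passes, is also accepted depends on the installed Prosody version, so verify it on the target or pass the parent path. Also add `set -euo pipefail` after the shebang: the script runs as root via `--root`, and without it a failed import (missing lineage, unreadable key) exits 0 and the stale cert stays in place unnoticed. If this script is installed as a certbot deploy hook (not visible here), `$RENEWED_LINEAGE` already holds the lineage directory and would remove the templated domain from the path.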