| author | Luke Hoersten <[email protected]> | 2025-05-29 21:34:48 -0500 |
|---|---|---|
| committer | Luke Hoersten <[email protected]> | 2025-05-29 21:34:48 -0500 |
| commit | aa78f093b6d298df46b2b39c62f6bec953bea248 (patch) | |
| tree | c4709a055a425c95c0c6da16c2b5ff11e7c20584 | |
| parent | a6f6bf556cf28894ac21d41396397acbbda524d7 (diff) | |
More cert fixes.
| -rw-r--r-- | certbot-dns-cloudflare/tasks/main.yaml | 27 | ||||
| -rw-r--r-- | certbot-dns-cloudflare/templates/letsencrypt.conf.j2 | 15 | ||||
| -rw-r--r-- | prosody/templates/prosody.sh.j2 | 2 |
3 files changed, 30 insertions, 14 deletions
diff --git a/certbot-dns-cloudflare/tasks/main.yaml b/certbot-dns-cloudflare/tasks/main.yaml
index 26ad91e..7fdbbbe 100644
--- a/certbot-dns-cloudflare/tasks/main.yaml
+++ b/certbot-dns-cloudflare/tasks/main.yaml
@@ -13,20 +13,21 @@
 owner: "root"
 group: "root"

-- name: make renewal dir
- become: yes
- file:
- path: "/etc/letsencrypt/renewal/"
- state: "directory"
+# - name: make renewal dir
+# become: yes
+# file:
+# path: "/etc/letsencrypt/renewal/"
+# state: "directory"

-- name: configure renewal
- become: yes
- template:
- src: "{{certbot_dns_cloudflare_conf}}"
- dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
- mode: "0644"
- owner: "root"
- group: "root"
+## I dont think this is needed anymore. I think it get's installed automatically now.
+# - name: configure renewal
+# become: yes
+# template:
+# src: "letsencrypt.conf.j2"
+# dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
+# mode: "0644"
+# owner: "root"
+# group: "root"

 - name: check if cert exists
 become: yes
diff --git a/certbot-dns-cloudflare/templates/letsencrypt.conf.j2 b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2
new file mode 100644
index 0000000..b71081a
--- /dev/null
+++ b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2
@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 2.9.0
+archive_dir = /etc/letsencrypt/archive/{{certbot_dns_cloudflare_domain}}
+cert = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem
+privkey = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/privkey.pem
+chain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/chain.pem
+fullchain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = {{certbot_account}}
+authenticator = dns-cloudflare
+dns_cloudflare_credentials = /etc/letsencrypt/cred.conf
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
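Review bot: With the `configure renewal` task in tasks/main.yaml commented out, nothing in the visible play confirms that `/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf` exists, so the assumption in the new `##` comment is untested; if it is wrong on a host, renewal stops quietly and the certificate expires. Certbot writes that file when it issues the certificate itself, which is presumably what follows `check if cert exists`, but that task continues outside the hunk. I would delete both tasks rather than keep them as comments (history preserves them) and add a cheap post-issuance check, for example a `stat` on the renewal file followed by an `assert` that it exists, or a `certbot renew --dry-run` step.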
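Review bot: As committed, templates/letsencrypt.conf.j2 is referenced only from the commented-out `configure renewal` task, so it is never rendered; either drop it or give it a header comment saying when it is meant to be used. If it is re-enabled, the literal `version = 2.9.0` will drift from the certbot actually installed, and I believe certbot warns when a renewal file claims a newer version than the running client, so a variable would be safer than a pinned string. `dns_cloudflare_credentials = /etc/letsencrypt/cred.conf` names the file holding the Cloudflare API token; its mode is not visible in this diff, and the task that installs it should set `mode: "0600"` with root ownership.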
diff --git a/prosody/templates/prosody.sh.j2 b/prosody/templates/prosody.sh.j2
index 8bb7b96..defe301 100644
--- a/prosody/templates/prosody.sh.j2
+++ b/prosody/templates/prosody.sh.j2
@@ -1,3 +1,3 @@
 #! /bin/bash
-prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/fullchain.pem
+prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/ |
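Review bot: Both `{{prosody_vhost}}` expansions on the new `prosodyctl` line are rendered into the script unquoted, so a value containing whitespace or shell metacharacters would be split or interpreted by bash while running as root; Ansible's `quote` filter closes that off: `prosodyctl --root cert import {{ prosody_vhost | quote }} /etc/letsencrypt/live/{{ prosody_vhost | quote }}/`. A one-line comment above the command, such as `# cert import takes a directory to search for the vhost's cert and key, not a single .pem`, would record why the argument changed from fullchain.pem to the live directory. If this script is run as a certbot deploy hook (not visible here), `"$RENEWED_LINEAGE"` could replace the hard-coded live path.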
