From aa78f093b6d298df46b2b39c62f6bec953bea248 Mon Sep 17 00:00:00 2001
From: Luke Hoersten
Date: Thu, 29 May 2025 21:34:48 -0500
Subject: More cert fixes.
---
 certbot-dns-cloudflare/tasks/main.yaml | 27 +++++++++++-----------
 .../templates/letsencrypt.conf.j2 | 15 ++++++++++++
 prosody/templates/prosody.sh.j2 | 2 +-
 3 files changed, 30 insertions(+), 14 deletions(-)
 create mode 100644 certbot-dns-cloudflare/templates/letsencrypt.conf.j2
diff --git a/certbot-dns-cloudflare/tasks/main.yaml b/certbot-dns-cloudflare/tasks/main.yaml
index 26ad91e..7fdbbbe 100644
--- a/certbot-dns-cloudflare/tasks/main.yaml
+++ b/certbot-dns-cloudflare/tasks/main.yaml
@@ -13,20 +13,21 @@
 owner: "root"
 group: "root"
-- name: make renewal dir
- become: yes
- file:
- path: "/etc/letsencrypt/renewal/"
- state: "directory"
+# - name: make renewal dir
+# become: yes
+# file:
+# path: "/etc/letsencrypt/renewal/"
+# state: "directory"
-- name: configure renewal
- become: yes
- template:
- src: "{{certbot_dns_cloudflare_conf}}"
- dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
- mode: "0644"
- owner: "root"
- group: "root"
+## I dont think this is needed anymore. I think it get's installed automatically now.
+# - name: configure renewal
+# become: yes
+# template:
+# src: "letsencrypt.conf.j2"
+# dest: "/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf"
+# mode: "0644"
+# owner: "root"
+# group: "root"
 - name: check if cert exists
 become: yes
diff --git a/certbot-dns-cloudflare/templates/letsencrypt.conf.j2 b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2
new file mode 100644
index 0000000..b71081a
--- /dev/null
+++ b/certbot-dns-cloudflare/templates/letsencrypt.conf.j2
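Review bot: The two renewal tasks are commented out on the strength of a guess ("I dont think this is needed anymore") rather than removed or kept, which leaves it unclear whether `/etc/letsencrypt/renewal/{{certbot_dns_cloudflare_domain}}.conf` is still managed by this role. If certbot does write that file itself when the certificate is first issued, delete both tasks and the new `letsencrypt.conf.j2`; if that has not been confirmed, keep the tasks active, since a missing or different renewal file means renewals would not use the dns-cloudflare settings this role intends. Either way, replace the comment with a stated fact, e.g. `# certbot writes renewal/<domain>.conf on first issuance; not templated here`, and confirm with `certbot renew --dry-run` on a freshly provisioned host. The task list continues outside the hunk, so the command that issues the certificate is not visible here.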
@@ -0,0 +1,15 @@
+# renew_before_expiry = 30 days
+version = 2.9.0
+archive_dir = /etc/letsencrypt/archive/{{certbot_dns_cloudflare_domain}}
+cert = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/cert.pem
+privkey = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/privkey.pem
+chain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/chain.pem
+fullchain = /etc/letsencrypt/live/{{certbot_dns_cloudflare_domain}}/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+account = {{certbot_account}}
+authenticator = dns-cloudflare
+dns_cloudflare_credentials = /etc/letsencrypt/cred.conf
+server = https://acme-v02.api.letsencrypt.org/directory
+key_type = ecdsa
diff --git a/prosody/templates/prosody.sh.j2 b/prosody/templates/prosody.sh.j2
index 8bb7b96..defe301 100644
--- a/prosody/templates/prosody.sh.j2
+++ b/prosody/templates/prosody.sh.j2
@@ -1,3 +1,3 @@
 #! /bin/bash
-prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/fullchain.pem
+prosodyctl --root cert import {{prosody_vhost}} /etc/letsencrypt/live/{{prosody_vhost}}/
-- 
cgit v1.2.3
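Review bot: Nothing in this commit renders `letsencrypt.conf.j2`: the only `template:` task that names it is commented out in `certbot-dns-cloudflare/tasks/main.yaml`, so the file is added as dead content. If it is meant to be used later, `version = 2.9.0` hard-codes a certbot version string into the renewal file, and `{{certbot_account}}` does not follow the `certbot_dns_cloudflare_` prefix of the role's other variables and has no default visible here, so rendering would fail if it is undefined. `dns_cloudflare_credentials = /etc/letsencrypt/cred.conf` points at the Cloudflare API credential; the task that writes that file is not fully visible in this patch, so confirm it sets `mode: "0600"` with root ownership.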
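Review bot: The reason for passing the directory rather than `fullchain.pem` is not recorded in `prosody.sh.j2`, and the templated arguments on the `prosodyctl` line are unquoted. A comment such as `# pass the live/ directory so prosodyctl can locate both the certificate and its private key` would keep a later edit from reverting it (presumably that is the intent; confirm against the prosodyctl documentation). Quoting the arguments as `"{{prosody_vhost}}" "/etc/letsencrypt/live/{{prosody_vhost}}/"` keeps an unexpected value in the variable from being word-split by the shell.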