authorGravatar Jonas Gunz <himself@jonasgunz.de> 2022-09-20 18:11:00 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2022-09-20 18:11:00 +0200
commite56713301b19c67480d84b55dd513575b50cfd42 (patch)
tree335eb6d29bc208d9c8057bb83c08311b4cf0316d /roles/signed_certificate/tasks/selfsigned.yml
parent216bc43ef7a270925ac597806c06030354ba9149 (diff)
downloadansible_collection-e56713301b19c67480d84b55dd513575b50cfd42.tar.gz
ACME for signed_certificate
Diffstat (limited to 'roles/signed_certificate/tasks/selfsigned.yml')
-rw-r--r--roles/signed_certificate/tasks/selfsigned.yml25
1 files changed, 25 insertions, 0 deletions
diff --git a/roles/signed_certificate/tasks/selfsigned.yml b/roles/signed_certificate/tasks/selfsigned.yml
new file mode 100644
index 0000000..7b0957c
--- /dev/null
+++ b/roles/signed_certificate/tasks/selfsigned.yml
@@ -0,0 +1,25 @@
+---
+- name: Read Existing Certificate
+ community.crypto.x509_certificate_info:
+ path: '{{ cert_path }}/{{ cert_name }}.pem'
+ valid_at:
+ point_1: '{{ signed_certificate.renew_at }}'
+ ignore_errors: yes
+ become: yes
+ register: existing_cert
+
+- name: Check Certificate
+ assert:
+ that:
+ - existing_cert.valid_at.point_1
+ - not existing_cert.failed
+ - existing_cert.subject.commonName == common_name
+ - existing_cert.issuer.commonName == '{{ signed_certificate.issuer_cn }}'
+ success_msg: Certificate is valid
+ fail_msg: Certificate is not valid. creating a new one.
+ ignore_errors: yes
+ register: cert_assert
+
+- name: Trigger Cert Generation
+ include_tasks: sign_selfsigned.yml
+ when: cert_assert.failed
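Review bot: The issuer condition in "Check Certificate" embeds `'{{ signed_certificate.issuer_cn }}'` inside `that:`, so the value is substituted into the expression text before it is evaluated, and a CN containing a quote changes or breaks the condition; write it as the bare expression `- existing_cert.issuer.commonName == signed_certificate.issuer_cn`. `not existing_cert.failed` should also be the first condition, because with a missing file `existing_cert.valid_at` is presumably undefined and the assert then fails on an undefined attribute rather than on the intended check. Both comparisons look only at commonName strings, so a certificate with the expected names but a different issuer key or outdated subjectAltName entries is treated as current and never regenerated; also comparing `subject_alt_name` or `authority_key_identifier` from the module result would tighten this. The `ignore_errors: yes` on the read task hides failures other than a missing file (unreadable or corrupt PEM), which deserves a short comment stating that any read error intentionally triggers regeneration.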