From e56713301b19c67480d84b55dd513575b50cfd42 Mon Sep 17 00:00:00 2001
From: Jonas Gunz <himself@jonasgunz.de>
Date: Tue, 20 Sep 2022 18:11:00 +0200
Subject: ACME for signed_certificate

---
 roles/signed_certificate/tasks/main.yml | 27 +++++----------------------
 1 file changed, 5 insertions(+), 22 deletions(-)

(limited to 'roles/signed_certificate/tasks/main.yml')

diff --git a/roles/signed_certificate/tasks/main.yml b/roles/signed_certificate/tasks/main.yml
index 4e214d2..4fb424d 100644
--- a/roles/signed_certificate/tasks/main.yml
+++ b/roles/signed_certificate/tasks/main.yml
@@ -35,27 +35,10 @@
   become: yes
   when: not key_check.failed
 
-- name: Read Existing Certificate
-  community.crypto.x509_certificate_info:
-    path: '{{ cert_path }}/{{ cert_name }}.pem'
-    valid_at:
-      point_1: '{{ signed_certificate.renew_at }}'
-  ignore_errors: yes
-  become: yes
-  register: existing_cert
-
-- name: Check Certificate
-  assert:
-    that:
-      - existing_cert.valid_at.point_1
-      - not existing_cert.failed
-      - existing_cert.subject.commonName == ansible_facts.fqdn
-      - existing_cert.issuer.commonName == '{{ signed_certificate.issuer_cn }}'
-    success_msg: Certificate is valid
-    fail_msg: Certificate is not valid. creating a new one.
-  ignore_errors: yes
-  register: cert_assert
+- name: Trigger Cert Generation
+  include_tasks: selfsigned.yml
+  when: use_acme == false
 
 - name: Trigger Cert Generation
-  include: sign.yml
-  when: cert_assert.failed
+  include_tasks: letsencrypt.yml
+  when: use_acme == true
-- 
cgit v1.2.3