From e56713301b19c67480d84b55dd513575b50cfd42 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Tue, 20 Sep 2022 18:11:00 +0200
Subject: ACME for signed_certificate
---
roles/signed_certificate/tasks/selfsigned.yml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 roles/signed_certificate/tasks/selfsigned.yml
(limited to 'roles/signed_certificate/tasks/selfsigned.yml')
diff --git a/roles/signed_certificate/tasks/selfsigned.yml b/roles/signed_certificate/tasks/selfsigned.yml
new file mode 100644
index 0000000..7b0957c
--- /dev/null
+++ b/roles/signed_certificate/tasks/selfsigned.yml
@@ -0,0 +1,25 @@
+---
+- name: Read Existing Certificate
+ community.crypto.x509_certificate_info:
+ path: '{{ cert_path }}/{{ cert_name }}.pem'
+ valid_at:
+ point_1: '{{ signed_certificate.renew_at }}'
+ ignore_errors: yes
+ become: yes
+ register: existing_cert
+
+- name: Check Certificate
+ assert:
+ that:
+ - existing_cert.valid_at.point_1
+ - not existing_cert.failed
+ - existing_cert.subject.commonName == common_name
+ - existing_cert.issuer.commonName == '{{ signed_certificate.issuer_cn }}'
+ success_msg: Certificate is valid
+ fail_msg: Certificate is not valid. creating a new one.
+ ignore_errors: yes
+ register: cert_assert
+
+- name: Trigger Cert Generation
+ include_tasks: sign_selfsigned.yml
+ when: cert_assert.failed
-- cgit v1.2.3
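Review bot: The issuer comparison in the `Check Certificate` assert wraps a variable in Jinja delimiters inside `that`, which Ansible already evaluates as an expression, so the value of `signed_certificate.issuer_cn` is pasted into the condition text before evaluation; a CN containing a quote would break or alter the comparison, and Ansible warns about this form. Compare against the variable directly, as the subject line above it does: `- existing_cert.issuer.commonName == signed_certificate.issuer_cn`. Separately, `not existing_cert.failed` should be the first condition, because when the read task fails `existing_cert.valid_at` is presumably undefined and the assert then fails on a templating error rather than on the intended check. With `ignore_errors: yes` on both tasks, any unrelated error (for example an undefined `common_name`) also ends in certificate regeneration, so a narrower `failed_when`, or a `stat` on the file before reading it, would make the renewal decision easier to audit.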