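---
# Obtain or renew a TLS certificate through the ACME dns-01 challenge,
# publishing the challenge TXT records in Gandi LiveDNS.
#
# Expected variables (not defined here): key_path, cert_path, cert_name,
# common_name, alt_name, owner, group, and an `acme` mapping with
# account_key, directory, renew_at and gandi.{domain,api_key}.
#
# account_key_content and api_key below carry secrets; consider adding
# `no_log: true` to those tasks so the values are not echoed in verbose output.

- name: Create CSR
  community.crypto.openssl_csr_pipe:
    privatekey_path: '{{ key_path }}/{{ cert_name }}.key'
    common_name: '{{ common_name }}'
    subject_alt_name: '{{ alt_name }}'
  register: request
  become: true

# First acme_certificate call: creates the order and returns the dns-01
# challenge data (challenge_data_dns) without installing anything yet.
- name: Create a challenge using account key file.
  community.crypto.acme_certificate:
    account_key_content: '{{ acme.account_key }}'
    modify_account: false
    dest: '{{ cert_path }}/{{ cert_name }}.pem'
    fullchain_dest: '{{ cert_path }}/{{ cert_name }}.fullchain.pem'
    csr_content: '{{ request.csr }}'
    challenge: dns-01
    acme_directory: '{{ acme.directory }}'
    acme_version: 2
    remaining_days: '{{ acme.renew_at }}'
  register: dns_challenge

# One TXT record per challenge entry; each value is wrapped in double quotes
# by the regex_replace filter before being sent to LiveDNS.
- name: Create DNS Challenge DNS Entry in LiveDNS
  community.general.gandi_livedns:
    domain: '{{ acme.gandi.domain }}'
    record: '{{ item.key }}.'
    type: TXT
    ttl: 300
    values: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
    api_key: '{{ acme.gandi.api_key }}'
    state: present
  loop: "{{ dns_challenge.challenge_data_dns | dict2items }}"
  when: dns_challenge is changed

# Fixed delay for DNS propagation. A lookup-based wait that polls the TXT
# record until it resolves would be more robust than a timer — TODO confirm
# 20 s is enough for the LiveDNS zone in use.
- name: Wait a bit
  pause:
    seconds: 20
  when: dns_challenge is changed

# Second acme_certificate call: passes the first result back via `data` so the
# CA validates the challenge, then writes dest/fullchain_dest.
# This re-registers dns_challenge; every task below reads this second result.
- name: Validate the challenge and install certificates and chain
  community.crypto.acme_certificate:
    account_key_content: '{{ acme.account_key }}'
    modify_account: false
    csr_content: '{{ request.csr }}'
    dest: '{{ cert_path }}/{{ cert_name }}.pem'
    fullchain_dest: '{{ cert_path }}/{{ cert_name }}.fullchain.pem'
    challenge: dns-01
    acme_directory: '{{ acme.directory }}'
    acme_version: 2
    remaining_days: '{{ acme.renew_at }}'
    data: '{{ dns_challenge }}'
  register: dns_challenge
  when: dns_challenge is changed
  become: true

# NOTE(review): the loop relies on the re-registered validate result still
# carrying challenge_data_dns — confirm, or register the validate step under
# a distinct name and keep looping over the first result.
- name: Remove DNS Challenge DNS Entry in LiveDNS
  community.general.gandi_livedns:
    domain: '{{ acme.gandi.domain }}'
    record: '{{ item.key }}.'
    type: TXT
    api_key: '{{ acme.gandi.api_key }}'
    state: absent
  loop: "{{ dns_challenge.challenge_data_dns | dict2items }}"
  when: dns_challenge is changed

# ===========================
- name: Adjust file permissions
  file:
    path: '{{ item }}'
    owner: '{{ owner }}'
    group: '{{ group }}'
  loop:
    - '{{ cert_path }}/{{ cert_name }}.pem'
    - '{{ cert_path }}/{{ cert_name }}.fullchain.pem'
  become: true

# Signals to the caller that a new certificate was installed (e.g. to trigger
# a service reload); a real boolean, so consumers can test it directly.
- name: Set cert_changed flag
  set_fact:
    cert_changed: true
  when: dns_challenge is changed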