main.yml (2219B)
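---
# Tasks that configure httpd and acme-client for every entry in
# `https_servers`. Each entry is read for `server_name`, `root` and
# `server_owner`. File modes are quoted so they are always interpreted
# as octal strings, and booleans use the canonical true/false form.

# Only stats the first server's certificate; nothing is asserted here.
# The result is registered but not consumed by any task in this file
# (presumably the templates read it; confirm).
# NOTE(review): `https_servers[0]` fails the play if the list is empty.
- name: Assert that at least one certificate exist
  stat:
    path: "/etc/ssl/letsencrypt/{{ https_servers[0].server_name }}/cert.pem"
  register: ssl_certificate_check

- name: Set main http service
  template:
    src: templates/httpd.conf.j2
    dest: /etc/httpd.conf
    owner: root
    group: wheel
    mode: "0640"
  notify:
    - restart httpd

- name: start and enable httpd
  service:
    name: httpd
    state: started
    enabled: true

- name: Create acme client config
  template:
    src: templates/acme-client.conf.j2
    dest: /etc/acme-client.conf
    owner: root
    group: wheel
    mode: "0644"

- name: Create acme client main folder
  file:
    path: "/etc/ssl/letsencrypt"
    state: directory
    owner: root
    group: wheel
    mode: "0755"

- name: Create acme client folder structure
  file:
    path: "/etc/ssl/letsencrypt/{{ item.server_name }}"
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  with_items: "{{ https_servers }}"

# `creates` skips the command once cert.pem exists for that domain.
# NOTE(review): `server_name` is interpolated into a command string that
# is split on whitespace, so it must be a plain hostname; validate it
# where `https_servers` is defined.
# NOTE(review): `ignore_errors` lets the play continue when issuance
# fails, so the later vhost tasks still run for a domain that has no
# certificate. Check the task output for failed items after a run.
- name: Call acme client for each domain
  command: "/usr/sbin/acme-client -v {{ item.server_name }}"
  args:
    creates: "/etc/ssl/letsencrypt/{{ item.server_name }}/cert.pem"
  notify:
    - restart httpd
  ignore_errors: true
  with_items: "{{ https_servers }}"

- name: Create renew script
  template:
    src: templates/renew_cert.sh.j2
    dest: /usr/local/bin/renew_cert.sh
    owner: root
    group: wheel
    mode: "0755"

# Registers the renew script in /etc/daily.local (presumably run as root
# by the daily maintenance job; confirm). Both this file and the script
# must therefore stay root-owned and not writable by other users.
- name: renew script cron task
  lineinfile:
    path: /etc/daily.local
    state: present
    create: true
    line: /usr/local/bin/renew_cert.sh
    owner: root
    group: wheel
    mode: "0444"

# NOTE(review): `recurse: true` applies owner, group and mode 0755 to
# everything already under the web root, so existing site files become
# executable and are re-owned on every run. Drop `recurse` if only the
# directory itself should be managed.
# `item.root` is appended directly to /var/www; presumably it starts
# with "/" and contains no ".." components (verify in inventory).
- name: Create vhosts folder structure
  file:
    path: "/var/www{{ item.root }}"
    state: directory
    recurse: true
    owner: "{{ item.server_owner }}"
    group: wheel
    mode: "0755"
  with_items: "{{ https_servers }}"

- name: Create https services main folder
  file:
    path: "/etc/httpd.d"
    state: directory
    owner: root
    group: wheel
    mode: "0755"

# One vhost config per server, named after `server_name`.
- name: Set https services
  template:
    src: templates/https-host.conf.j2
    dest: "/etc/httpd.d/{{ item.server_name }}.conf"
    owner: root
    group: wheel
    mode: "0640"
  notify:
    - restart httpd
  with_items: "{{ https_servers }}"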