mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
infrastructure/roles/certificate/tasks/main.yml
Evangelos Foutras 26f289b72b
Capitalize the first letter of all task names
ansible-lint 6.5.0 complains about:

  name: All names should start with an
        uppercase letter. (name[casing])
2022-08-23 06:57:13 +03:00


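# Initial certificate issuance via the ACME HTTP-01 challenge.
# A throwaway Python web server answers the challenge on port 80 and serves
# only letsencrypt_validation_dir; the EXIT trap kills it when the script
# ends, whether or not certbot succeeded.
# Every templated value goes through the `quote` filter so that it reaches
# the shell as exactly one argument, even if it contains whitespace or shell
# metacharacters (a wildcard name is not glob-expanded either).
# `creates` looks at the first domain only: once that fullchain.pem exists the
# task is skipped, even if more names are later added to `domains`.
- name: Create ssl cert (HTTP-01)
  shell: |
    # pipefail is not accepted by every /bin/sh; this relies on the target's
    # shell supporting it (bash does).
    set -o pipefail
    # We can't start nginx without the certificate and we can't issue a certificate without nginx running.
    # So use Python built-in http.server for the initial certificate issuance
    python -m http.server --directory {{ letsencrypt_validation_dir | quote }} 80 &
    trap "jobs -p | xargs --no-run-if-empty kill" EXIT
    certbot certonly \
      --email {{ certificate_contact_email | quote }} \
      --agree-tos \
      --rsa-key-size {{ certificate_rsa_key_size | quote }} \
      --renew-by-default \
      --webroot -w {{ letsencrypt_validation_dir | quote }} \
      -d {{ domains | map('quote') | join(' -d ') }}
  args:
    creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
  when: challenge | default(certificate_challenge) == "HTTP-01"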
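# Initial certificate issuance via the ACME DNS-01 challenge, using certbot's
# RFC 2136 (dynamic DNS update) plugin.
# The credentials file holds the key that authorises DNS updates.
# NOTE(review): it is not created by this task; confirm it is deployed
# elsewhere with owner-only permissions.
# `command` runs no shell, but Ansible still splits the free-form string into
# arguments, so the `quote` filter keeps each templated value a single argument.
# `creates` looks at the first domain only: once that fullchain.pem exists the
# task is skipped, even if more names are later added to `domains`.
- name: Create ssl cert (DNS-01)
  command: >-
    certbot certonly
    --email {{ certificate_contact_email | quote }}
    --agree-tos
    --rsa-key-size {{ certificate_rsa_key_size | quote }}
    --renew-by-default
    --dns-rfc2136
    --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini
    -d {{ domains | map('quote') | join(' -d ') }}
  args:
    creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
  when: challenge | default(certificate_challenge) == "DNS-01"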