From 68eb6e331dc1f4cb2f6252c8079f1b66df94cde9 Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Fri, 20 Jan 2023 09:26:42 +0100
Subject: [PATCH] Fix letsencrypt challenge, using different account privkey

---
 roles/tunuifranken/tasks/letsencrypt.yml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/roles/tunuifranken/tasks/letsencrypt.yml b/roles/tunuifranken/tasks/letsencrypt.yml
index 5f62180..23bde48 100644
--- a/roles/tunuifranken/tasks/letsencrypt.yml
+++ b/roles/tunuifranken/tasks/letsencrypt.yml
@@ -21,11 +21,16 @@
 - {path: '/etc/letsencrypt/live', mode: '0700'}
 - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
 
-- name: Create privkey for letsencrypt
+- name: Create private key for account
+ become: true
+ community.crypto.openssl_privatekey_pipe:
+ register: account_privkey
+
+- name: Create private key for challenge
 become: true
 community.crypto.openssl_privatekey:
 path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
- register: privkey
+ register: challenge_privkey
 
 - name: Create csr for letsencrypt
 become: true
@@ -33,7 +38,7 @@
 privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
 common_name: tunuifranken.info
 register: csr
- changed_when: privkey is changed
+ changed_when: challenge_privkey is changed
 
 - name: Do http-01 challenge
 become: true
@@ -43,7 +48,7 @@
 community.crypto.acme_certificate:
 acme_version: 2
 acme_directory: https://acme-v02.api.letsencrypt.org/directory
- account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ account_key_content: "{{ account_privkey.privatekey }}"
 terms_agreed: true
 csr_content: "{{ csr.csr }}"
 challenge: http-01
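Review bot: `community.crypto.openssl_privatekey_pipe:` in the `@@ -21` hunk is called with no `content`, so a new ACME account key is generated on every run and never stored, and the four `account_key_content: "{{ account_privkey.privatekey }}"` tasks (`@@ -43` here and `@@ -59`, `@@ -78`, `@@ -102` later in the patch) therefore register a fresh Let's Encrypt account each time; that loses the ability to deactivate the account or revoke with the account key afterwards and, as far as I can tell, counts against the per-IP new-account rate limit. Persist the account key once on its own path, separate from the challenge key: `community.crypto.openssl_privatekey:` with `path: <ACCOUNT_KEY_PATH>  # placeholder, not the live/ privkey.pem` (mode `0600`) and `account_key_src: <ACCOUNT_KEY_PATH>` in the four `acme_certificate` tasks. If the in-memory key is kept instead, add `no_log: true` to the pipe task and to the tasks that consume `account_privkey.privatekey`, since the registered result otherwise appears in verbose play output.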
@@ -59,7 +64,7 @@
 community.crypto.acme_certificate:
 acme_version: 2
 acme_directory: https://acme-v02.api.letsencrypt.org/directory
- account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ account_key_content: "{{ account_privkey.privatekey }}"
 csr_content: "{{ csr.csr }}"
 challenge: http-01
 fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
@@ -78,7 +83,7 @@
 community.crypto.acme_certificate:
 acme_version: 2
 acme_directory: https://acme-v02.api.letsencrypt.org/directory
- account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ account_key_content: "{{ account_privkey.privatekey }}"
 terms_agreed: true
 csr_content: "{{ csr.csr }}"
 challenge: dns-01
@@ -102,7 +107,7 @@
 community.crypto.acme_certificate:
 acme_version: 2
 acme_directory: https://acme-v02.api.letsencrypt.org/directory
- account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ account_key_content: "{{ account_privkey.privatekey }}"
 csr_content: "{{ csr.csr }}"
 challenge: dns-01
 fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
@@ -112,6 +117,6 @@
 community.general.gandi_livedns:
 api_key: "{{ gandi_livedns_api_key }}"
 domain: tunuifranken.info
- record: "{{ letsencrypt_challenge.challenge_data['tunuifranken.info']['dns-01'].record }}"
+ record: "{{ letsencrypt_challenge.challenge_data['tunuifranken.info']['dns-01'].resource }}"
 type: TXT
 state: absent