flyingscorpio/self-hosting
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix letsencrypt challenge, using different account privkey

Browse source
This commit is contained in:
flyingscorpio@clevo 2023-01-20 09:26:42 +01:00
parent b918e48ca3
commit 68eb6e331d
1 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
roles/tunuifranken/tasks/letsencrypt.yml
View file

@ -21,11 +21,16 @@
- {path: '/etc/letsencrypt/live', mode: '0700'} - {path: '/etc/letsencrypt/live', mode: '0700'}
- {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'} - {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
- name: Create privkey for letsencrypt - name: Create private key for account
become: true
community.crypto.openssl_privatekey_pipe:
register: account_privkey
- name: Create private key for challenge
become: true become: true
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
register: privkey register: challenge_privkey
- name: Create csr for letsencrypt - name: Create csr for letsencrypt
become: true become: true
@ -33,7 +38,7 @@
privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
common_name: tunuifranken.info common_name: tunuifranken.info
register: csr register: csr
changed_when: privkey is changed changed_when: challenge_privkey is changed
- name: Do http-01 challenge - name: Do http-01 challenge
become: true become: true
@ -43,7 +48,7 @@
community.crypto.acme_certificate: community.crypto.acme_certificate:
acme_version: 2 acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem account_key_content: "{{ account_privkey.privatekey }}"
terms_agreed: true terms_agreed: true
csr_content: "{{ csr.csr }}" csr_content: "{{ csr.csr }}"
challenge: http-01 challenge: http-01
@ -59,7 +64,7 @@
community.crypto.acme_certificate: community.crypto.acme_certificate:
acme_version: 2 acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem account_key_content: "{{ account_privkey.privatekey }}"
csr_content: "{{ csr.csr }}" csr_content: "{{ csr.csr }}"
challenge: http-01 challenge: http-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
@ -78,7 +83,7 @@
community.crypto.acme_certificate: community.crypto.acme_certificate:
acme_version: 2 acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem account_key_content: "{{ account_privkey.privatekey }}"
terms_agreed: true terms_agreed: true
csr_content: "{{ csr.csr }}" csr_content: "{{ csr.csr }}"
challenge: dns-01 challenge: dns-01
@ -102,7 +107,7 @@
community.crypto.acme_certificate: community.crypto.acme_certificate:
acme_version: 2 acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem account_key_content: "{{ account_privkey.privatekey }}"
csr_content: "{{ csr.csr }}" csr_content: "{{ csr.csr }}"
challenge: dns-01 challenge: dns-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
@ -112,6 +117,6 @@
community.general.gandi_livedns: community.general.gandi_livedns:
api_key: "{{ gandi_livedns_api_key }}" api_key: "{{ gandi_livedns_api_key }}"
domain: tunuifranken.info domain: tunuifranken.info
record: "{{ letsencrypt_challenge.challenge_data['tunuifranken.info']['dns-01'].record }}" record: "{{ letsencrypt_challenge.challenge_data['tunuifranken.info']['dns-01'].resource }}"
type: TXT type: TXT
state: absent state: absent