From 73c8ccb0ab257e39bd89e60077908fa13a94da84 Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Fri, 20 Jan 2023 14:52:15 +0100
Subject: [PATCH] Use correct archive paths with symlinks in live for letsencrypt
---
 roles/tunuifranken/tasks/letsencrypt.yml | 35 +++++++++++++++++++-----
 1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/roles/tunuifranken/tasks/letsencrypt.yml b/roles/tunuifranken/tasks/letsencrypt.yml
index 1841f25..fbaea07 100644
--- a/roles/tunuifranken/tasks/letsencrypt.yml
+++ b/roles/tunuifranken/tasks/letsencrypt.yml
@@ -18,8 +18,9 @@
 group: root
 mode: 0755
 with_items:
- - /etc/letsencrypt/archive
 - /etc/letsencrypt/renewal
+ - /etc/letsencrypt/archive
+ - /etc/letsencrypt/archive/tunuifranken.info
 - /etc/letsencrypt/live
 - /etc/letsencrypt/live/tunuifranken.info
@@ -44,13 +45,13 @@
 - name: Create private key for challenge
 become: true
 community.crypto.openssl_privatekey:
- path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
 register: challenge_privkey
 - name: Create csr for letsencrypt
 become: true
 community.crypto.openssl_csr_pipe:
- privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+ privatekey_path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
 common_name: tunuifranken.info
 register: csr
 changed_when: challenge_privkey is changed
@@ -68,7 +69,9 @@
 terms_agreed: true
 csr_content: "{{ csr.csr }}"
 challenge: http-01
- fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+ dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+ chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+ fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
 register: letsencrypt_challenge
 - name: Copy http-01 resource
 ansible.builtin.copy:
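Review bot: The domain and both base directories are hard-coded literals, and this patch multiplies them: `/etc/letsencrypt/archive/tunuifranken.info` now appears in the directory list here, twice in the key/CSR hunk at @@ -44, three times in each of the four `acme_certificate` hunks at @@ -68, @@ -84, @@ -106 and @@ -131, and again in the symlink task at @@ -142. A single pair of role variables, e.g. `letsencrypt_domain: tunuifranken.info` and `letsencrypt_archive_dir: "/etc/letsencrypt/archive/{{ letsencrypt_domain }}"`, would let the `dest`/`chain_dest`/`fullchain_dest` triple be written once and keep the `when:` guards, the CSR `common_name` and the paths from drifting apart. The reordering of `renewal` and `archive` in the list is cosmetic and fine as is.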
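Review bot: The private key is now written to `archive/tunuifranken.info/privkey1.pem` with no explicit `mode` or `owner`, so its permissions rest on the `openssl_privatekey` module default (community.crypto documents a restrictive default for new keys, but that is worth pinning rather than relying on). Since the `live/` entry added at @@ -142 is only a symlink to this file, the archive file's mode is the one that governs who can read the key; I would add `mode: "0600"`, `owner: root` and `group: root` under the `community.crypto.openssl_privatekey:` args. The enclosing directory inherits the loop's `mode: 0755` from @@ -18, which is acceptable only as long as the key file itself stays 0600.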
@@ -84,7 +87,9 @@
 account_key_content: "{{ account_privkey.privatekey }}"
 csr_content: "{{ csr.csr }}"
 challenge: http-01
- fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+ dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+ chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+ fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
 data: "{{ letsencrypt_challenge }}"
 when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
 - name: Remove the http-01 resource
@@ -106,7 +111,9 @@
 terms_agreed: true
 csr_content: "{{ csr.csr }}"
 challenge: dns-01
- fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+ dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+ chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+ fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
 register: letsencrypt_challenge
 - name: Create dns-01 record
 community.general.gandi_livedns:
@@ -131,7 +138,9 @@
 account_key_content: "{{ account_privkey.privatekey }}"
 csr_content: "{{ csr.csr }}"
 challenge: dns-01
- fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+ dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+ chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+ fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
 data: "{{ letsencrypt_challenge }}"
 when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
 - name: Remove dns-01 record
@@ -142,3 +151,15 @@
 type: TXT
 state: absent
 when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
+
+- name: Create symlinks for the certificate
+ become: true
+ ansible.builtin.file:
+ path: "/etc/letsencrypt/live/tunuifranken.info/{{ item.dest }}"
+ src: "/etc/letsencrypt/archive/tunuifranken.info/{{ item.src }}"
+ state: link
+ with_items:
+ - {src: cert1.pem, dest: cert.pem}
+ - {src: chain1.pem, dest: chain.pem}
+ - {src: fullchain1.pem, dest: fullchain.pem}
+ - {src: privkey1.pem, dest: privkey.pem}
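Review bot: This task will fail on any host already provisioned by the previous version of the role, because `ansible.builtin.file` with `state: link` refuses to replace an existing regular file, and the removed lines at @@ -44 and @@ -68 show that `live/tunuifranken.info/privkey.pem` and `fullchain.pem` used to be written there as regular files. Adding `force: true` under the module args is the documented way to have the old file unlinked and the symlink put in its place, and it also covers the case where the archive file does not exist yet on a first run. Without it the stale regular-file copy of the old private key stays in `live/` on upgraded hosts. A one-line comment above the task, such as `# live/ holds only symlinks; the real files live in archive/ with a fixed "1" serial`, would also document that this deliberately does not follow certbot's incrementing archive numbering. The task is complete within the hunk.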