Use correct archive paths with symlinks in live for letsencrypt

roles/tunuifranken/tasks/letsencrypt.yml

@@ -18,8 +18,9 @@
     group: root
     mode: 0755
   with_items:
-    - /etc/letsencrypt/archive
     - /etc/letsencrypt/renewal
+    - /etc/letsencrypt/archive
+    - /etc/letsencrypt/archive/tunuifranken.info
     - /etc/letsencrypt/live
     - /etc/letsencrypt/live/tunuifranken.info
 
@@ -44,13 +45,13 @@
 - name: Create private key for challenge
   become: true
   community.crypto.openssl_privatekey:
-    path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+    path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
   register: challenge_privkey
 
 - name: Create csr for letsencrypt
   become: true
   community.crypto.openssl_csr_pipe:
-    privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
+    privatekey_path: /etc/letsencrypt/archive/tunuifranken.info/privkey1.pem
     common_name: tunuifranken.info
   register: csr
   changed_when: challenge_privkey is changed
@@ -68,7 +69,9 @@
         terms_agreed: true
         csr_content: "{{ csr.csr }}"
         challenge: http-01
-        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+        dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+        chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+        fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
       register: letsencrypt_challenge
     - name: Copy http-01 resource
       ansible.builtin.copy:
@@ -84,7 +87,9 @@
         account_key_content: "{{ account_privkey.privatekey }}"
         csr_content: "{{ csr.csr }}"
         challenge: http-01
-        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+        dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+        chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+        fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
         data: "{{ letsencrypt_challenge }}"
       when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
     - name: Remove the http-01 resource
@@ -106,7 +111,9 @@
         terms_agreed: true
         csr_content: "{{ csr.csr }}"
         challenge: dns-01
-        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+        dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+        chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+        fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
       register: letsencrypt_challenge
     - name: Create dns-01 record
       community.general.gandi_livedns:
@@ -131,7 +138,9 @@
         account_key_content: "{{ account_privkey.privatekey }}"
         csr_content: "{{ csr.csr }}"
         challenge: dns-01
-        fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
+        dest: /etc/letsencrypt/archive/tunuifranken.info/cert1.pem
+        chain_dest: /etc/letsencrypt/archive/tunuifranken.info/chain1.pem
+        fullchain_dest: /etc/letsencrypt/archive/tunuifranken.info/fullchain1.pem
         data: "{{ letsencrypt_challenge }}"
       when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
     - name: Remove dns-01 record
@@ -142,3 +151,15 @@
         type: TXT
         state: absent
       when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
+
+- name: Create symlinks for the certificate
+  become: true
+  ansible.builtin.file:
+    path: "/etc/letsencrypt/live/tunuifranken.info/{{ item.dest }}"
+    src: "/etc/letsencrypt/archive/tunuifranken.info/{{ item.src }}"
+    state: link
+  with_items:
+    - {src: cert1.pem, dest: cert.pem}
+    - {src: chain1.pem, dest: chain.pem}
+    - {src: fullchain1.pem, dest: fullchain.pem}
+    - {src: privkey1.pem, dest: privkey.pem}