Finish http-01 letsencrypt challenge for tunuifranken.info

flyingscorpio@clevo 2023-01-19 16:14:31 +01:00
parent f8a1592b69
commit e71ade9964
2 changed files with 62 additions and 4 deletions


@ -6,12 +6,16 @@
state: present state: present
update_cache: true update_cache: true
- name: Create acme directory - name: Create acme directories
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: /var/www/acme path: "{{ item }}"
state: directory state: directory
mode: 0755 mode: 0755
with_items:
- /var/www/acme
- /var/www/acme/.well-known
- /var/www/acme/.well-known/acme-challenge
- name: Enable modules - name: Enable modules
become: true become: true
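Review bot: `mode: 0755` on the new directory loop is an unquoted octal literal; YAML 1.1 parsers read it as the integer 493, and Ansible's documentation recommends quoting octal modes because the leading-zero form can misbehave, notably inside loops. The second file's hunk already quotes its modes (`'0700'`, `'0755'`), so writing `mode: "0755"` here and `mode: "0644"` on the `Copy http-01 resource` task in that file would make the two consistent and lint-clean. The enclosing task list starts before this hunk.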


@ -9,10 +9,64 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
target_public_ip: "{{ lookup('community.general.dig', 'tunuifranken.info', '@1.1.1.1') }}" target_public_ip: "{{ lookup('community.general.dig', 'tunuifranken.info', '@1.1.1.1') }}"
- name: Create needed directories
become: true
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- {path: '/etc/letsencrypt/live', mode: '0700'}
- {path: '/etc/letsencrypt/live/tunuifranken.info', mode: '0755'}
- name: Create privkey for letsencrypt
become: true
community.crypto.openssl_privatekey:
path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
register: privkey
- name: Create csr for letsencrypt
become: true
community.crypto.openssl_csr_pipe:
privatekey_path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
common_name: tunuifranken.info
register: csr
changed_when: privkey is changed
- name: Do http-01 challenge - name: Do http-01 challenge
ansible.builtin.debug: become: true
msg: "http-01"
when: local_public_ip.content == target_public_ip when: local_public_ip.content == target_public_ip
block:
- name: Create acme challenge
community.crypto.acme_certificate:
acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
terms_agreed: true
csr_content: "{{ csr.csr }}"
challenge: http-01
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
register: letsencrypt_challenge
- name: Copy http-01 resource
ansible.builtin.copy:
dest: "/var/www/acme/{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource'] }}"
content: "{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource_value'] }}"
mode: 0644
when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
- name: Validate the challenge and get the cert
community.crypto.acme_certificate:
acme_version: 2
acme_directory: https://acme-v02.api.letsencrypt.org/directory
account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
csr_content: "{{ csr.csr }}"
fullchain_dest: /etc/letsencrypt/live/tunuifranken.info/fullchain.pem
data: "{{ letsencrypt_challenge }}"
- name: Remove the http-01 resource
ansible.builtin.file:
path: "/var/www/acme/{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource'] }}"
state: absent
- name: Do dns-01 challenge - name: Do dns-01 challenge
ansible.builtin.debug: ansible.builtin.debug:
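Review bot: Both `acme_certificate` calls pass `account_key_src: /etc/letsencrypt/live/tunuifranken.info/privkey.pem`, the same key that signs the CSR in `Create csr for letsencrypt`, so the ACME account key and the certificate key are one and the same; RFC 8555 advises against this and Let's Encrypt rejects a CSR whose public key matches the account key, so `Validate the challenge and get the cert` is unlikely to succeed as written. Generating a separate account key and pointing both `account_key_src` parameters at it fixes that, and an explicit `mode: "0600"` on each `openssl_privatekey` task keeps the keys from inheriting a looser umask default inside the 0755 directory. Separately, `Remove the http-01 resource` indexes `letsencrypt_challenge['challenge_data']['tunuifranken.info']` without the guard the copy task has, so a run where the certificate is still valid and no challenge is issued fails on an undefined key; reusing `when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data` there avoids it. The task list starts before this hunk and the `Do dns-01 challenge` task runs past it.
```yaml
- name: Create account key for letsencrypt
  become: true
  community.crypto.openssl_privatekey:
    path: /etc/letsencrypt/live/tunuifranken.info/account.pem  # separate from the certificate key
    mode: "0600"
- name: Create privkey for letsencrypt
  become: true
  community.crypto.openssl_privatekey:
    path: /etc/letsencrypt/live/tunuifranken.info/privkey.pem
    mode: "0600"
  register: privkey
# … unchanged: csr task, block header, acme_version / acme_directory …
      account_key_src: /etc/letsencrypt/live/tunuifranken.info/account.pem
# … unchanged: remaining parameters; the second acme_certificate call gets the same account_key_src …
- name: Remove the http-01 resource
  ansible.builtin.file:
    path: "/var/www/acme/{{ letsencrypt_challenge['challenge_data']['tunuifranken.info']['http-01']['resource'] }}"
    state: absent
  when: letsencrypt_challenge is changed and 'tunuifranken.info' in letsencrypt_challenge.challenge_data
```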