---
# Install the package list held in certbot_packages (defined outside this
# file). The apt index is refreshed first so the install does not resolve
# against stale package metadata.
- name: Install certbot packages
  ansible.builtin.apt:
    update_cache: true
    name: "{{ certbot_packages }}"
    state: present
# Create the directory that the certificate request task in this file passes
# to certbot as its webroot (-w /var/www/letsencrypt).
# NOTE(review): ownership by www-data gives the web server account write
# access to the challenge directory. If certbot runs as root and the web
# server only reads from here, a root-owned directory would be the tighter
# setting. Confirm which account needs to write before changing it.
- name: Ensure ACME webroot exists
  ansible.builtin.file:
    path: /var/www/letsencrypt
    owner: www-data
    group: www-data
    # Quoted so the mode is passed as a string, not parsed as a number.
    mode: "0755"
    state: directory
# Start certbot.timer now and enable it at boot.
# NOTE(review): presumably this is the unit that schedules certificate
# renewal on the target hosts. Confirm the installed package ships it.
- name: Enable certbot timer
  ansible.builtin.service:
    name: certbot.timer
    state: started
    enabled: true
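# Request one certificate per entry in certbot_certificates through the
# webroot challenge directory. Each entry supplies item.name (the certbot
# --cert-name) and item.domains (one -d argument per domain). The whole task
# is gated on certbot_manage_certificates.
- name: Request managed certificates
  ansible.builtin.command:
    # The command module splits this string into an argument list itself
    # (no shell is involved). Every templated value is passed through
    # `quote` so that whitespace or quote characters inside a variable stay
    # within one argument instead of becoming extra certbot options.
    cmd: >-
      certbot certonly --non-interactive --agree-tos
      --email {{ certbot_email | quote }}
      --webroot -w /var/www/letsencrypt
      --cert-name {{ item.name | quote }}
      {% for domain in item.domains %}-d {{ domain | quote }} {% endfor %}
    # Idempotence guard: the command is skipped once this file exists.
    # NOTE(review): a later change to item.domains for an existing
    # item.name will therefore not trigger a new request. Confirm this is
    # the intended behaviour. item.name is also used as a path component
    # here, so it should be restricted to a plain name where it is defined.
    creates: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
  when: certbot_manage_certificates | bool
  loop: "{{ certbot_certificates }}"
  loop_control:
    # Show only the certificate name in task output, not the whole entry.
    label: "{{ item.name }}"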