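---

# Request one certificate per entry of `certbot_certificates` (a mapping of
# certificate name -> settings) by running `certbot certonly` once per entry.
#
# Per-certificate settings read from `cert`, with role-level fallbacks:
#   server        -> certbot_acme_server
#   email         -> certbot_email (when none, the ACME account is
#                    registered without a contact address)
#   rsa_key_size  -> certbot_rsa_key_size
#   challenge     -> certbot_challenge
#   webroot_map, or webroot + domains   (webroot challenge only)
#   challenge_freeform_arguments        (any other challenge)
#
# `command` does not start a shell, but it does split the rendered string
# into argv. Every templated value is therefore passed through `quote`, so a
# value containing whitespace or quote characters stays one argument and
# cannot introduce additional certbot options.
#
# `challenge_freeform_arguments` is the deliberate exception: it is appended
# verbatim and may expand to several arguments, so it must only come from
# trusted inventory. It defaults to an empty string so that a non-webroot
# certificate without extra arguments does not fail on an undefined variable.
#
# certbot's `--webroot` switch only selects the plugin and takes no value;
# the directory for the single-webroot case is passed via `--webroot-path`.
#
# `creates` makes the task a no-op once the live fullchain for this
# certificate name exists, so re-runs do not request a new certificate.
- name: issue certificates
  command: >-
    /usr/bin/certbot certonly
    --server {{ cert.server | default(certbot_acme_server) | quote }}
    --agree-tos
    {% if (cert.email | default(certbot_email)) is none %}
    --register-unsafely-without-email
    {% else %}
    --email {{ cert.email | default(certbot_email) | quote }}
    {% endif %}
    --cert-name {{ name | quote }}
    --rsa-key-size {{ cert.rsa_key_size | default(certbot_rsa_key_size) | quote }}
    {% if cert.challenge | default(certbot_challenge) == 'webroot' %}
    --webroot
    {% if cert.webroot_map is defined %}
    --webroot-map {{ cert.webroot_map | to_json | quote }}
    {% else %}
    --webroot-path {{ cert.webroot | quote }}
    {% for domain in cert.domains | default([name]) %}
    --domain {{ domain | quote }}
    {% endfor %}
    {% endif %}
    {% else %}
    {{ ('--' ~ (cert.challenge | default(certbot_challenge))) | quote }}
    {{ cert.challenge_freeform_arguments | default('') }}
    {% endif %}
  args:
    creates: "/etc/letsencrypt/live/{{ name }}/fullchain.pem"
  vars:
    name: "{{ item.key }}"
    cert: "{{ item.value }}"
  loop: "{{ certbot_certificates | dict2items }}"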