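---
# These tasks run in a loop for each domain so that we can check for existing certificates
# and only order new ones if they don't already exist.
#
# Every task is delegated to localhost: lego runs on the controller and stores its
# output under "{{ lego_path }}/certificates/".
# Variables expected from the caller: acme_domain (.domain, .provider), acme_email,
# lego_path, and the provider credentials referenced in the environment blocks.

- name: "Check for an existing certificate for {{ acme_domain.domain }}"
  ansible.builtin.stat:
    path: "{{ lego_path }}/certificates/{{ acme_domain.domain }}.crt"
  register: lego_cert
  delegate_to: localhost
  tags: lego

# lego 'run' registers an account and orders a fresh certificate; 'renew' only
# refreshes an existing one, so the choice follows whether the .crt is already there.
- name: Instruct lego to register an account and order a new certificate if one doesn't already exist.
  ansible.builtin.set_fact:
    lego_command: "{{ 'renew' if lego_cert.stat.exists else 'run' }}"
  delegate_to: localhost
  tags: lego

# ansible.builtin.command splits cmd into argv without a shell, so a templated value
# containing whitespace would otherwise turn into extra arguments; the quote filter
# keeps each value a single argument. lego_command is one of our own two literals.
- name: Order acme certificates without waiting for propogation of TXT record to all authoritative name servers.
  ansible.builtin.command:
    cmd: >-
      lego --path {{ lego_path | quote }}
      --dns {{ acme_domain.provider | quote }}
      --domains {{ acme_domain.domain | quote }}
      --email {{ acme_email | quote }}
      --dns.disable-cp --accept-tos {{ lego_command }}
  register: lego_result
  delegate_to: localhost
  # Deliberately never reported as changed; inspect lego_result (printed below) instead.
  changed_when: false
  # A failure here must not stop the play: the retry task further down re-runs lego
  # without --dns.disable-cp when this attempt failed.
  ignore_errors: true
  tags: lego
  # Provider credentials travel only through the process environment, not on the
  # command line, so they are not part of the cmd string kept in lego_result.
  environment:
    # EASYDNS_TOKEN: "{{ EASYDNS_TOKEN }}"
    # EASYDNS_KEY: "{{ EASYDNS_KEY }}"
    NAMECHEAP_API_USER: "{{ NAMECHEAP_API_USER }}"
    NAMECHEAP_API_KEY: "{{ NAMECHEAP_API_KEY }}"

- name: Print lego output with dns.disable-cp
  ansible.builtin.debug:
    var: lego_result
  delegate_to: localhost
  tags: lego

# --dns.disable-cp: disables waiting for propagation of the TXT record to all authoritative name servers.
# I haven't yet figured out why it only works sporadically with or without this option.
- name: Retry the last command if necessary, but wait for propogation of TXT record to all authoritative name servers.
  ansible.builtin.command:
    cmd: >-
      lego --path {{ lego_path | quote }}
      --dns {{ acme_domain.provider | quote }}
      --domains {{ acme_domain.domain | quote }}
      --email {{ acme_email | quote }}
      --accept-tos {{ lego_command }}
  # The 'failed' test reads the result's failed flag with a safe default, so a
  # successful first attempt (with or without an explicit failed key) skips the retry.
  when: lego_result is failed
  # Re-registering over lego_result means a skipped retry replaces the first attempt's
  # output with a skipped result; the debug task below prints whichever is current.
  register: lego_result
  delegate_to: localhost
  changed_when: false
  tags: lego
  environment:
    # EASYDNS_TOKEN: "{{ EASYDNS_TOKEN }}"
    # EASYDNS_KEY: "{{ EASYDNS_KEY }}"
    NAMECHEAP_API_USER: "{{ NAMECHEAP_API_USER }}"
    NAMECHEAP_API_KEY: "{{ NAMECHEAP_API_KEY }}"

- name: Print lego output without dns.disable-cp
  ansible.builtin.debug:
    var: lego_result
  delegate_to: localhost
  tags: lego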