Update

2024-11-22 10:40:18 +00:00 · 2024-04-18 17:24:24 +03:00 · 2024-04-18 17:24:24 +03:00 · 3b441c6fcb
commit 3b441c6fcb
parent 32cfff9039
2 changed files with 21 additions and 14 deletions
--- a/files/nginx/conf/000-default.conf
+++ b/files/nginx/conf/000-default.conf
@ -22,6 +22,11 @@ server {
        return 301 https://$host$request_uri/;
    }

+    location /.well-known/acme-challenge/ {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
       return 405;
@ -30,11 +35,13 @@ server {

 server {

-    listen  443 ssl http2 default_server;
-    listen  [::]:443 ssl http2 default_server;
+    listen  443 ssl default_server;
+    listen  [::]:443 ssl default_server;

    server_name _;

+    http2 on;
+
    ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -107,18 +107,18 @@
  tags:
    - certbot

-# - name: "Install - Certbot - Create Certificates"
-#   command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/acme-dns-auth.py --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
-#   register: task
-#   changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
-#   vars:
-#     cert:
-#       name: mpp
-#       email: matias.martikainen@metropolia.fi
-#       domains:
-#         - "{{ ansible_facts.fqdn }}"
-#   tags:
-#     - certbot
+- name: "Install - Certbot - Create Certificates"
+  command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
+  register: task
+  changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
+  vars:
+    cert:
+      name: mpp
+      email: matias.martikainen@metropolia.fi
+      domains:
+        - "{{ ansible_facts.fqdn }}"
+  tags:
+    - certbot

 - name: "Install - MariaDB - Dependencies / Python Library : pymysql"
  pip: