update

files/certbot/nginx.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx

tasks/deployer.yml

@@ -137,7 +137,7 @@
     recreate: on
     network: host
     volumes:
-      - "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+      - "/root/nginx/html:/usr/share/nginx/html:ro"
       - "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
       - "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
       - "/root/certs/:/etc/nginx/certs/:ro"

tasks/install.yml

@@ -107,8 +107,17 @@
   tags:
     - certbot
 
+- name: "Install - Certbot - Auth Hook"
+  copy:
+    src: "../files/certbot/nginx.sh"
+    dest: "/etc/letsencrypt/renewal-hooks/pre/nginx.sh"
+    mode: '700'
+    force: true
+  tags:
+    - certbot
+
 - name: "Install - Certbot - Create Certificates"
-  command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
+  command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/nginx.sh --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
   register: task
   changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
   vars: