From a232ca888ff191a5542291353af749641fb3da9a Mon Sep 17 00:00:00 2001
From: Matte <51192395+MatteZ02@users.noreply.github.com>
Date: Thu, 18 Apr 2024 17:50:57 +0300
Subject: [PATCH] update
---
 files/certbot/nginx.sh | 4 ++++
 files/nginx/{ => html}/index.html | 0
 tasks/deployer.yml | 2 +-
 tasks/install.yml | 11 ++++++++++-
 4 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 files/certbot/nginx.sh
 rename files/nginx/{ => html}/index.html (100%)
diff --git a/files/certbot/nginx.sh b/files/certbot/nginx.sh
new file mode 100644
index 0000000..4d6eefa
--- /dev/null
+++ b/files/certbot/nginx.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx
diff --git a/files/nginx/index.html b/files/nginx/html/index.html
similarity index 100%
rename from files/nginx/index.html
rename to files/nginx/html/index.html
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index cd21d58..384b713 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@@ -137,7 +137,7 @@
 recreate: on
 network: host
 volumes:
- - "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+ - "/root/nginx/html:/usr/share/nginx/html:ro"
 - "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
 - "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
 - "/root/certs/:/etc/nginx/certs/:ro"
diff --git a/tasks/install.yml b/tasks/install.yml
index 1cae1d1..59bb824 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
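Review bot: The new hook `files/certbot/nginx.sh` has no error handling and expands `$CERTBOT_TOKEN` unquoted in the redirect target, so if the `.well-known/acme-challenge` directory is missing or the variable is empty the write fails and the script still goes on to `ansible-pull`. I would add `set -euo pipefail` after the shebang and write the file with `printf '%s' "$CERTBOT_VALIDATION" > "/root/nginx/html/.well-known/acme-challenge/${CERTBOT_TOKEN}"`. Nothing visible in this patch creates that directory, so confirm a task does, or add a `mkdir -p` for it in the hook. The `ansible-pull` line also applies whatever the repository's default branch holds at that moment (presumably as root, given the `/root` paths); pinning a ref with `-C` would narrow what a challenge run can execute.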
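Review bot: Widening the bind mount in `tasks/deployer.yml` from `index.html` to the whole `/root/nginx/html` directory puts every file that lands there into the container's web root, where nginx will presumably serve it, not only the index page and the ACME challenge files. The `:ro` flag stops the container from writing to the host but does not limit what is exposed. Consider keeping the original file mount and adding a second one scoped to the challenge path, `- "/root/nginx/html/.well-known/acme-challenge:/usr/share/nginx/html/.well-known/acme-challenge:ro"`. The task this `volumes:` list belongs to starts above the hunk.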
@@ -107,8 +107,17 @@ tags: - certbot +- name: "Install - Certbot - Auth Hook" + copy: + src: "../files/certbot/nginx.sh" + dest: "/etc/letsencrypt/renewal-hooks/pre/nginx.sh" + mode: '700' + force: true + tags: + - certbot + - name: "Install - Certbot - Create Certificates" - command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}" + command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/nginx.sh --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}" register: task changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1 vars:
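Review bot: The auth hook is copied into `/etc/letsencrypt/renewal-hooks/pre/`, a directory whose executables certbot also runs as pre-hooks on `certbot renew`, where `CERTBOT_VALIDATION` and `CERTBOT_TOKEN` are not set. The script would then run outside a challenge, attempt a write to the challenge directory path itself, and trigger `ansible-pull` anyway. Installing it outside `renewal-hooks/` and pointing `--manual-auth-hook` at that location keeps the two roles apart, for example `dest: "/etc/letsencrypt/manual-hooks/nginx.sh"` (constructed example path). No `--manual-cleanup-hook` is passed, so challenge files stay in the web root after validation. The "Create Certificates" task continues past the end of the hunk.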