mirror of
https://github.com/MatteZ02/infra.git
synced 2024-11-09 20:40:18 +00:00
update
This commit is contained in:
parent
9ffb1b7f58
commit
a232ca888f
4
files/certbot/nginx.sh
Normal file
4
files/certbot/nginx.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo -n "$CERTBOT_VALIDATION" > /root/nginx/html/.well-known/acme-challenge/$CERTBOT_TOKEN
|
||||||
|
/opt/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/mpp-ansible --private-key ~/.ssh/id_rsa tasks.yml -t nginx
|
@ -137,7 +137,7 @@
|
|||||||
recreate: on
|
recreate: on
|
||||||
network: host
|
network: host
|
||||||
volumes:
|
volumes:
|
||||||
- "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
|
- "/root/nginx/html:/usr/share/nginx/html:ro"
|
||||||
- "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
|
- "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
|
||||||
- "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
|
- "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
|
||||||
- "/root/certs/:/etc/nginx/certs/:ro"
|
- "/root/certs/:/etc/nginx/certs/:ro"
|
||||||
|
@ -107,8 +107,17 @@
|
|||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
||||||
|
- name: "Install - Certbot - Auth Hook"
|
||||||
|
copy:
|
||||||
|
src: "../files/certbot/nginx.sh"
|
||||||
|
dest: "/etc/letsencrypt/renewal-hooks/pre/nginx.sh"
|
||||||
|
mode: '700'
|
||||||
|
force: true
|
||||||
|
tags:
|
||||||
|
- certbot
|
||||||
|
|
||||||
- name: "Install - Certbot - Create Certificates"
|
- name: "Install - Certbot - Create Certificates"
|
||||||
command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
|
command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/nginx.sh --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
|
||||||
register: task
|
register: task
|
||||||
changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
|
changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
|
||||||
vars:
|
vars:
|
||||||
|
Loading…
Reference in New Issue
Block a user