From b5c59f3f0da761682d4f7b3e172c84e1005c15d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?=
Date: Tue, 9 Sep 2025 15:48:11 +0300
Subject: [PATCH] Update OpenSSL tasks in Deployer tasks

---
 tasks/deployer.yml | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index 54fd514..d645d8e 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@@ -541,7 +541,7 @@
 - openssl
 - www

-- name: "Deployer - OpenSSL - Configure - Generate Certificate"
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Root"
 community.crypto.x509_certificate:
 path: "/root/data/openssl/{{ cert }}/cert.pem"
 privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
@@ -550,6 +550,7 @@
 ownca_path: /etc/ssl/crt/ansible_CA.crt
 ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem
 provider: selfsigned
+ selfsigned_not_after: "+7300d"
 loop: "{{ config.openssl.certificates.keys() | list }}"
 loop_control:
 label: "{{ cert }}"
@@ -557,7 +558,7 @@
 when:
 - config.openssl.certificates[cert].issuer is undefined

-- name: "Deployer - OpenSSL - Configure - Generate Certificate"
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Intermediate"
 community.crypto.x509_certificate:
 path: "/root/data/openssl/{{ cert }}/cert.pem"
 privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
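Review bot: In the `@@ -550,6 +550,7 @@` hunk, `selfsigned_not_after: "+7300d"` is a relative timestamp and will probably not take effect where cert.pem already exists. As far as I know, `community.crypto.x509_certificate` leaves timestamps out of its idempotency check by default (`ignore_timestamps: true`), so an existing certificate is neither reissued with the new lifetime nor renewed once it expires. The same applies to `ownca_not_after: "+365d"` and `ownca_not_after: "+30d"` in the `@@ -566,11 +567,31 @@` hunk, where a 30-day service certificate can lapse while the play keeps reporting ok. Consider a preceding `community.crypto.x509_certificate_info` check using `valid_at`, then set `force: true` on the generate task when the remaining validity falls below a threshold. The Root task starts above this hunk and ends below it, so an existing renewal step elsewhere in the file would not be visible here.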
@@ -566,11 +567,31 @@
 ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
 ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
 provider: ownca
+ ownca_not_after: "+365d"
 loop: "{{ config.openssl.certificates.keys() | list }}"
 loop_control:
 label: "{{ cert }}"
 loop_var: "cert"
 when:
+ - config.openssl.certificates[cert].domains is undefined
+ - config.openssl.certificates[cert].issuer is defined
+
+- name: "Deployer - OpenSSL - Configure - Generate Certificate / Service"
+ community.crypto.x509_certificate:
+ path: "/root/data/openssl/{{ cert }}/cert.pem"
+ privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
+ csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
+ provider: "ownca"
+ ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
+ ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
+ provider: ownca
+ ownca_not_after: "+30d"
+ loop: "{{ config.openssl.certificates.keys() | list }}"
+ loop_control:
+ label: "{{ cert }}"
+ loop_var: "cert"
+ when:
+ - config.openssl.certificates[cert].domains is defined
 - config.openssl.certificates[cert].issuer is defined

 - name: "Deployer - Nginx - Configure - Create Folder"
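Review bot: The new Service task sets `provider` twice, as `provider: "ownca"` after `csr_path` and again as `provider: ownca` after `ownca_privatekey_path`. Duplicate mapping keys are invalid YAML; Ansible keeps the last value and emits a duplicate-key warning, so the task works only because both values agree. Drop the second line so the task carries `provider: "ownca"` once. The Root and Intermediate tasks end with a trailing `provider:` line in their context as well, and their heads lie outside the hunks, so they likely carry the same duplicate. In the Root task the last-wins `provider: selfsigned` would then silently override an earlier value and leave the `ownca_path`/`ownca_privatekey_path` lines unused, which is worth cleaning up in the same pass.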