author | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-01-06 19:02:56 +0000 |
---|---|---|
committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-01-06 19:02:56 +0000 |
commit | 504fb5e84489636c16c15b00a99b0e6352304dcc (patch) | |
tree | 07a5ef840e95976cd188eb02e27428b5830f2393 /roles/certificate/tasks/main.yml | |
parent | ce18a1206c9e6ca74177c8ca16e42efae934c00f (diff) | |
Make certificate a role
Diffstat (limited to 'roles/certificate/tasks/main.yml')
-rw-r--r-- | roles/certificate/tasks/main.yml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/roles/certificate/tasks/main.yml b/roles/certificate/tasks/main.yml
new file mode 100644
index 0000000..0edc725
--- /dev/null
+++ b/roles/certificate/tasks/main.yml
@@ -0,0 +1,18 @@
+- ansible.builtin.include_role:
+ name: certbot
+
+- name: Request SSL certificate from Let's Encrypt
+ shell: |
+ # Make task independent: if nginx is already running, stop it and then
+ # start back on exit.
+ [ -f /var/run/nginx.pid ] && systemctl stop nginx
+ trap "systemctl start nginx" EXIT
+ certbot certonly \
+ --standalone \
+ --agree-tos \
+ --renew-by-default \
+ --email webmaster@ilvokhin.com \
+ --rsa-key-size 4096 \
+ -d {{ domains | join(' -d ') }}
+ args:
+ creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem' |
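Review bot: The `trap "systemctl start nginx" EXIT` line is installed unconditionally, so nginx is started on exit even on a host where it was not running before, which contradicts the comment above it and can bring up a web server the play never meant to expose; tie both steps to the same test, e.g. `if [ -f /var/run/nginx.pid ]; then systemctl stop nginx; trap "systemctl start nginx" EXIT; fi`. The `-d {{ domains | join(' -d ') }}` line interpolates each entry into the shell script unquoted, so a value containing whitespace or shell metacharacters would be parsed as shell syntax rather than as a domain name; `-d {{ domains | map('quote') | join(' -d ') }}` keeps each entry a single argument. Certbot normally records the standalone authenticator in the renewal configuration, so later renewals would presumably need port 80 free as well; whether the included certbot role handles that is not visible in this file.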