roles/certificate/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

- ansible.builtin.include_role:
    name: certbot

- name: Request SSL certificate from Let's Encrypt
  shell: |
    # Make task independent: if nginx is already running, stop it and then
    # start back on exit.
    [ -f /var/run/nginx.pid ] && systemctl stop nginx
    trap "systemctl start nginx" EXIT
    certbot certonly \
        --standalone \
        --agree-tos \
        --renew-by-default \
        --email webmaster@ilvokhin.com \
        --rsa-key-size 4096 \
        -d {{ domains | join(' -d ') }}
  args:
    creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'