@hatsch
Created March 18, 2019 07:50
---
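# Generate the private key that the CSR below is created from. The key is
# written next to the CSR and certificate under /srv/<app_name>/ssl/.
- name: Generate private key for the primary trusted domain
  openssl_privatekey:
    path: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.key"
    # Owner-only access is stated explicitly instead of being left to the
    # module default.
    # NOTE(review): if the service that reads the key does not run as the
    # file owner, set owner/group here rather than loosening the mode, and
    # confirm the ssl/ directory itself is not world-readable.
    mode: "0600"
  tags: letsencrypt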
# Progress message printed before the CSR is generated.
# NOTE(review): the task name stops after "for" and msg is empty, so the
# output names no domain. This looks truncated; confirm against the
# original playbook.
- name: Creating CSR for
  debug: msg=
  tags: letsencrypt
# Build the certificate signing request from the key generated earlier.
# The first entry of trusted_domains becomes the common name; the SAN
# template emits one DNS: entry per item of trusted_domains, comma-separated.
# Every listed name is submitted to the CA, so the list should contain only
# hostnames this server answers for.
- name: Create CSR
  openssl_csr:
    privatekey_path: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.key"
    path: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.csr"
    common_name: "{{ trusted_domains[0] }}"
    subject_alt_name: "{% for item in trusted_domains %}{%- if not loop.first -%}, {%- endif %}DNS:{{ item }}{% endfor %}"
    country_name: 'AT'
    # Both values are empty (null) on the page, presumably redacted; confirm
    # what the original playbook sets.
    organization_name: null
    email_address: null
  tags: letsencrypt
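# First acme_certificate pass: submits the CSR and registers the module
# result as `challenge` for the tasks that follow.
- name: Create a letsencrypt challenge for trusted_domains
  acme_certificate:
    # ACME account key; it authenticates every request made for this
    # account, so it should stay readable by the deploying user only.
    account_key_src: /etc/ssl/private/letsencrypt.pem
    src: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.csr"
    dest: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.crt"
    # Aligned with the "Fullfill the challenge" task. The original value
    # pointed into a per-domain subdirectory that no other task references.
    fullchain_dest: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.fullchain.crt"
    # Request a new certificate only when fewer than 30 days remain.
    remaining_days: 30
    # NOTE(review): acme_directory is commented out, so the module's default
    # endpoint applies. The URL below is the ACME v1 API, which Let's Encrypt
    # has retired. Set acme_directory and acme_version explicitly and confirm
    # the values against the documentation of the installed module.
    # acme_directory: https://acme-v01.api.letsencrypt.org/directory
  register: challenge
  tags: letsencrypt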
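# Publish each http-01 challenge value below the webroot so the CA can
# fetch it over HTTP.
- name: Write http-01 challenge files to the webroot
  copy:
    # NOTE(review): the file name comes from the registered module result;
    # presumably a path relative to the webroot. The target directory must
    # already exist and be served for the domain being validated.
    dest: "/var/www/letsencrypt/{{ challenge['challenge_data'][item]['http-01']['resource'] }}"
    content: "{{ challenge['challenge_data'][item]['http-01']['resource_value'] }}"
  # loop is templated before `when` is evaluated, so fall back to an empty
  # mapping when the first pass returned no challenge_data. `| list` turns
  # the mapping into a plain list of its keys, which loop requires.
  loop: "{{ challenge.challenge_data | default({}) | list }}"
  when: challenge.changed
  tags: letsencrypt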
# Second acme_certificate pass: passes the registered result of the first
# pass back through `data`, with the same CSR and output paths.
- name: Fullfill the challenge
  acme_certificate:
    account_key_src: /etc/ssl/private/letsencrypt.pem
    data: "{{ challenge }}"
    src: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.csr"
    dest: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.crt"
    fullchain_dest: "/srv/{{ app_name }}/ssl/{{ trusted_domains[0] }}.fullchain.crt"
    # NOTE(review): the endpoint is left to the module default here as well;
    # whatever is configured must match the first pass.
    # acme_directory: https://acme-v01.api.letsencrypt.org/directory
  tags: letsencrypt