  • renew-cert.yaml 5.59 KiB
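    ---
    # Caller-supplied inputs: `domains` (iterable of names) and `host` (string).
    # NOTE(review): a plain string also satisfies `is iterable`; if later tasks
    # expect a list, add `domains is not string` here — confirm against usage.
    - name: Validate assertions
      ansible.builtin.assert:
        that:
          - domains is iterable
          - host is string

    # Only the date_time subset is needed: the epoch drives the key-age check.
    - name: Gather facts
      ansible.builtin.setup:
        gather_subset:
          - date_time
      tags:
        - always

    # Epoch seconds one year before now. The templated result is a string
    # unless Ansible's type conversion turns it into an int, so comparisons
    # below apply |int explicitly instead of relying on that conversion.
    - name: Calculate the time 1 year ago (for regenerating long-term keys)
      ansible.builtin.set_fact:
        one_year_ago: |-
          {{ ansible_facts.date_time.epoch|int - (60*60*24*365) }}

    # NOTE(review): account.key is relative to the task's working directory,
    # whereas the host key below is anchored to playbook_dir — confirm intended.
    - name: Get account key file stat
      ansible.builtin.stat:
        path: &account_key_src account.key
      register: account_key_stat
      tags:
        - always

    # Force regeneration only when an account key already exists and its
    # mtime is older than one year.
    - name: Generate account key
      community.crypto.openssl_privatekey:
        # yamllint disable rule:line-length
        force: |-
          {{ account_key_stat.stat.exists and account_key_stat.stat.mtime|int < one_year_ago|int }}
        # yamllint enable rule:line-length
        # Quoted so the octal mode reads the same under YAML 1.1 and 1.2 parsers.
        mode: "0600"
        path: *account_key_src
        size: 4096
        state: present
        type: RSA
      tags:
        - always

    # Production Let's Encrypt directory; the staging directory is left
    # commented out for switching during testing.
    - name: Register account
      community.crypto.acme_account:
        account_key_src: *account_key_src  # pragma: allowlist secret
        acme_directory: &acme_directory |-
          https://acme-v02.api.letsencrypt.org/directory
        # acme_directory: &acme_directory |-
        #   https://acme-staging-v02.api.letsencrypt.org/directory
        acme_version: &acme_version 2
        contact:
          - 'mailto:{{ email }}'
        select_crypto_backend: &crypto_backend cryptography
        state: present
        terms_agreed: true
      vars:
        email: &email hostmaster@shore.co.il
      tags:
        - always

    # The host key is stored next to the playbook, named after the host.
    - name: Get host key file stat
      ansible.builtin.stat:
        path: &key_src |-
          {{ playbook_dir }}/{{ host }}.key
      register: host_key_stat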
    - name: Generate {{ host }} key
      community.crypto.openssl_privatekey:
        # yamllint disable rule:line-length
        force: |-
          {{  host_key_stat.stat.exists and host_key_stat.stat.mtime|int < one_year_ago }}
        # yamllint enable rule:line-length