---
|
# This playbook redeploys Lets Encrypt certificates
|
# It does not renew the certs, which is done by the certbot cronjob.
|
#
|
# Please ensure CA and key have not changed.
|
|
- hosts: localhost
|
gather_facts: no
|
become: no
|
vars:
|
- _certbot_install_dir: "/home/{{ ansible_user }}/idm/certificates"
|
- _certbot_dir: "/home/{{ ansible_user }}/idm/certbot"
|
tasks:
|
|
- name: Install certificates
|
copy:
|
src: "{{ _certbot_dir }}/config/live/{{ _certbot_domain }}/{{ item }}"
|
dest: "{{ _certbot_install_dir }}/{{ item }}"
|
remote_src: yes
|
loop:
|
- "cert.pem"
|
- "fullchain.pem"
|
- "chain.pem"
|
- "privkey.pem"
|
|
- name: Install IPA Certificate
|
shell: |
|
ipa-server-certinstall -w -d /home/{{ ansible_user }}/idm/certificates/privkey.pem /home/{{ ansible_user }}/idm/certificates/fullchain.pem -p '{{ idm_dm_password }}' --pin=''
|
ipactl restart
|
become: True
|