| | |
|---|
| | | stat: |
|---|
| | | path: "/home/{{ ansible_user }}/.aws/credentials" |
|---|
| | | register: aws_credentials_result |
|---|
| | | |
|---|
| | | |
|---|
| | | - name: Fail if AWS Credentials are not on the host |
|---|
| | | fail: |
|---|
| | | msg: AWS Credentials are required when requesting certificates for a wildcard domain |
|---|
| | |
|---|
| | | when: _certbot_dns_provider is match('rfc2136') |
|---|
| | | block: |
|---|
| | | - name: Verify credential are present on host |
|---|
| | | when: _certbot_dns_provider is match('rfc2136') |
|---|
| | | when: _certbot_dns_provider is match('rfc2136') |
|---|
| | | stat: |
|---|
| | | path: /home/{{ _certbot_user }}/.rfc2136.ini |
|---|
| | | register: ddns_credentials_result |
|---|
| | |
|---|
| | | when: |
|---|
| | | - cacert.stat.exists|bool == false or _certbot_force_issue|bool |
|---|
| | | block: |
|---|
| | | - name: Ensure virtualenv is installed |
|---|
| | | pip: |
|---|
| | | name: virtualenv |
|---|
| | | state: present |
|---|
| | | when: not use_python3 | bool |
|---|
| | | # We expect Python3 and Python3-pip to be installed |
|---|
| | | # They should be on the bastion that this role is running |
|---|
| | | |
|---|
| | | - name: Install certbot pip prerequisites in a VirtualEnv |
|---|
| | | become: True |
|---|
| | | pip: |
|---|
| | | state: present |
|---|
| | | virtualenv_command: /usr/local/bin/virtualenv |
|---|
| | | virtualenv: /opt/virtualenvs/certbot |
|---|
| | | name: |
|---|
| | | - certbot |
|---|
| | | - certbot-dns-{{ _certbot_dns_provider }} |
|---|
| | | when: not use_python3 | bool |
|---|
| | | # The requirements_certbot.txt file has the Python modules |
|---|
| | | # For certbot, certbot-dns-route53 and certbot-dns-rfc2136 |
|---|
| | | - name: Copy requirements_certbot.txt to target for certbot virtualenv |
|---|
| | | copy: |
|---|
| | | src: ./files/requirements_certbot.txt |
|---|
| | | dest: /tmp/requirements_certbot.txt |
|---|
| | | |
|---|
| | | - name: Install certbot pip prerequisites in a virtualenv with python3 |
|---|
| | | # The next two commands need to be run as _certbot_user in order to set up the correct permissions |
|---|
| | | # Running without will create links to /root/.local/... which won't be readable |
|---|
| | | - name: Create Virtualenv Certbot |
|---|
| | | become: True |
|---|
| | | pip: |
|---|
| | | state: present |
|---|
| | | virtualenv_command: /usr/local/bin/virtualenv |
|---|
| | | virtualenv: /opt/virtualenvs/certbot |
|---|
| | | name: |
|---|
| | | - certbot |
|---|
| | | - certbot-dns-{{ _certbot_dns_provider }} |
|---|
| | | when: use_python3 | bool |
|---|
| | | |
|---|
| | | - name: Copy certbot script |
|---|
| | | become: True |
|---|
| | | become_user: "{{ _certbot_user }}" |
|---|
| | | command: "/usr/local/bin/virtualenv -p /usr/bin/python3 {{ _certbot_virtualenv }}" |
|---|
| | | |
|---|
| | | - name: Install Certbot into Virtualenv |
|---|
| | | become: true |
|---|
| | | become_user: "{{ _certbot_user }}" |
|---|
| | | command: "{{ _certbot_virtualenv }}/bin/pip3 install -r /tmp/requirements_certbot.txt" |
|---|
| | | |
|---|
| | | - name: Copy certbot script to virtualenv |
|---|
| | | template: |
|---|
| | | src: ./templates/run-certbot.j2 |
|---|
| | | dest: /usr/local/bin/run-certbot |
|---|
| | | dest: "{{ _certbot_virtualenv }}/bin/run-certbot" |
|---|
| | | owner: "{{ _certbot_user }}" |
|---|
| | | group: "{{ _certbot_remote_dir_group }}" |
|---|
| | | mode: 0755 |
|---|
| | | |
|---|
| | | - name: Check if cached certificate archive exists |
|---|
| | |
|---|
| | | path: "{{ _certbot_cache_archive_file }}" |
|---|
| | | delegate_to: localhost |
|---|
| | | register: cache_archive_file |
|---|
| | | |
|---|
| | | - name: Ensure Certbot Directories are present |
|---|
| | | file: |
|---|
| | | name: "{{ item }}" |
|---|
| | | state: directory |
|---|
| | | owner: "{{ _certbot_remote_dir_owner }}" |
|---|
| | | mode: 0775 |
|---|
| | | loop: |
|---|
| | | - "{{ _certbot_dir }}" |
|---|
| | | - "{{ _certbot_dir }}/config" |
|---|
| | | - "{{ _certbot_dir }}/work" |
|---|
| | | - "{{ _certbot_dir }}/logs" |
|---|
| | | |
|---|
| | | - name: Restore entire certificate archive |
|---|
| | | when: |
|---|
| | |
|---|
| | | - name: Set _certbot_setup_complete=true |
|---|
| | | set_fact: |
|---|
| | | _certbot_setup_complete: true |
|---|
| | | |
|---|
| | | - name: Ensure Certbot Directories are present |
|---|
| | | file: |
|---|
| | | name: "{{ item }}" |
|---|
| | | state: directory |
|---|
| | | owner: "{{ _certbot_remote_dir_owner }}" |
|---|
| | | mode: 0775 |
|---|
| | | loop: |
|---|
| | | - "{{ _certbot_dir }}" |
|---|
| | | - "{{ _certbot_dir }}/config" |
|---|
| | | - "{{ _certbot_dir }}/work" |
|---|
| | | - "{{ _certbot_dir }}/logs" |
|---|
| | | - "{{ _certbot_dir }}/renewal-hooks" |
|---|
| | | - "{{ _certbot_dir }}/renewal-hooks/deploy" |
|---|
| | | |
|---|
| | | - name: Request Certificates from Let's Encrypt (force or no cache) |
|---|
| | | when: |
|---|
| | |
|---|
| | | - name: Request API and Wildcard Certificates |
|---|
| | | # become: false |
|---|
| | | become_user: "{{ _certbot_user }} " |
|---|
| | | command: /usr/local/bin/run-certbot |
|---|
| | | command: "{{ _certbot_virtualenv }}/bin/run-certbot" |
|---|
| | | retries: 5 |
|---|
| | | delay: 30 |
|---|
| | | register: r_request_le |
|---|
