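---
# Distribute the ACME certificate set for eenfach.de.
#
# Play 1 pulls the certificate files and the private key from
# primary.eenfach.de into the relative directory acme/ on the control node.
# The later plays push that material to the web, mail and openfire hosts.
#
# NOTE(review): acme/ on the control node ends up holding the private key
# (eenfach.de.key). Nothing here sets permissions on that staging copy, so
# keep the directory readable only by the user running the playbook, keep it
# out of version control, and consider removing the key after the run.

- name: get acme files
  hosts: primary.eenfach.de
  become: true
  tasks:
    - name: fetch cert files...
      fetch:
        src: '/etc/pjac/certdir/{{ item }}'
        dest: acme/
        # flat: store each file directly in acme/ rather than under a
        # per-host directory tree.
        flat: true
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem

    - name: fetch key file...
      fetch:
        src: /etc/pjac/eenfach.de.key
        dest: acme/
        flat: true

- name: push certs to webserver
  hosts: web.eenfach.de
  become: true
  tasks:
    - name: copy key file
      copy:
        src: acme/eenfach.de.key
        dest: /opt/apache24/conf/acme/eenfach.de.key
        owner: root
        # NOTE(review): with group webservd and mode 0640 every process in
        # that group can read the private key. If the server reads its key
        # as root before dropping privileges, root:root with 0600 would be
        # tighter. Confirm against the apache24 setup before changing.
        group: webservd
        # Quoted so the mode is always taken as an octal string.
        mode: '0640'
      # Keep private key material out of --diff output.
      diff: false
      notify: restart apache24

    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/opt/apache24/conf/acme/certdir/{{ item }}'
        owner: root
        group: webservd
        mode: '0640'
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem
      notify: restart apache24

  handlers:
    - name: restart apache24
      service:
        name: 'svc:/network/apache24:default'
        state: restarted

- name: push certs to mailserver
  hosts: smail.eenfach.de
  become: true
  tasks:
    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/etc/mail/certs/{{ item }}'
        owner: root
        group: root
        mode: '0600'
      # The loop includes the private key, so suppress --diff for the task.
      diff: false
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem
        - eenfach.de.key
      notify:
        - restart sendmail
        - restart dovecot

  handlers:
    - name: restart sendmail
      service:
        name: 'svc:/network/sendmail:sendmail'
        state: restarted

    - name: restart dovecot
      service:
        name: 'svc:/network/dovecot:dovecot'
        state: restarted

- name: push certs to openfire
  hosts: openfire.eenfach.de
  become: true
  tasks:
    # No handler is notified in this play. Presumably openfire picks up
    # files dropped into its hotdeploy directory by itself. TODO confirm.
    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/opt/openfire/openfire/resources/security/hotdeploy/{{ item }}'
        owner: openfire
        group: openfire
        mode: '0600'
      # The loop includes the private key, so suppress --diff for the task.
      diff: false
      loop:
        - cert.pem
        - fullchain.pem
        - eenfach.de.key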