homelab/roles/tls/tasks/main.yml


---
# Install certbot and its Cloudflare DNS plugin from the apt repositories.
# The plugin is what the later "Issue certificates" task selects with
# --dns-cloudflare.
- name: Install certbot
  ansible.builtin.apt:
    name:
      - certbot
      - python3-certbot-dns-cloudflare
    state: present
  become: true
# /etc/certbot receives the Cloudflare credentials file (cloudflare.ini), so
# it is root-owned and closed to "other".
# NOTE(review): the leading 1 in '1750' sets the sticky bit, which adds
# nothing on a directory only root can write to; '0750' or '0700' would state
# the intent more plainly - confirm before changing.
- name: Create certbot directory
  ansible.builtin.file:
    state: directory
    path: /etc/certbot
    owner: root
    group: root
    mode: '1750'
  become: true
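# Render the Cloudflare API credentials that certbot's dns-cloudflare plugin
# reads. Whoever can read this file can edit DNS for the account or zone the
# token covers, so it is restricted to root alone.
- name: Copy cloudflare credentials
  become: true
  ansible.builtin.template:
    src: cloudflare.ini.j2
    dest: /etc/certbot/cloudflare.ini
    owner: root
    group: root
    # Owner-only, as the plugin documentation recommends (chmod 600); the
    # previous '0660' also granted group read/write on the secret.
    mode: '0600'
  # Keep the rendered secret out of task output and --diff listings.
  no_log: true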
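# Request a certificate for the apex domain and its wildcard using the DNS-01
# challenge through Cloudflare. Skipped once fullchain.pem exists (creates).
#
# The command is passed as an argv list to ansible.builtin.command rather than
# as a shell string: no shell is involved, so whitespace or metacharacters in
# the email/domain variables cannot split into extra words or commands, and
# the wildcard name needs no shell quoting to avoid glob expansion.
- name: Issue certificates
  become: true
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - '-n'
      - --agree-tos
      - --expand
      - --email
      - "{{ email }}"
      - --dns-cloudflare
      - --dns-cloudflare-credentials
      - /etc/certbot/cloudflare.ini
      - '-d'
      - "{{ domain }}"
      - '-d'
      - "*.{{ domain }}"
    creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"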
# Directory for the combined certificate + private-key bundles. Only its
# owner (uid/gid 99) can enter it.
# NOTE(review): 99 is presumably the account HAProxy runs as - confirm against
# the HAProxy deployment.
# NOTE(review): the sticky bit in '1700' has no practical effect, since only
# the directory owner can write here; '0700' would read more plainly.
- name: Create a directory to store combined files
  ansible.builtin.file:
    state: directory
    path: /etc/haproxy/certs
    owner: "99"
    group: "99"
    mode: '1700'
  become: true
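# Concatenate the certificate chain and the private key into one PEM bundle
# under /etc/haproxy/certs. A shell is needed for the output redirection, so
# the destination path is passed through the quote filter and always reaches
# the shell as a single word.
# There is no creates/changed_when guard: the bundle is rewritten, and the
# task reports "changed", on every run.
# NOTE(review): the bundle contains the private key and is created with the
# default umask of the become user; its only protection is the 0700 parent
# directory. Consider setting an explicit owner and mode on the file.
- name: Combine certificate and private key
  become: true
  ansible.builtin.shell:
    cmd: cat fullchain.pem privkey.pem > {{ ('/etc/haproxy/certs/' ~ domain ~ '.pem') | quote }}
    chdir: "/etc/letsencrypt/live/{{ domain }}"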