Skip to content

Commit

Permalink
Merge pull request #28 from inmotionhosting/NGX-799
Browse files Browse the repository at this point in the history
NGX-799: Update Letsencrypt
  • Loading branch information
combssm authored Dec 4, 2023
2 parents 90fc45d + 4d8a419 commit 4fa9980
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 25 deletions.
2 changes: 1 addition & 1 deletion defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ certbot_create_command: >-
--cert-name {{ site_domain }}
--allow-subset-of-names
{% if certbot_without_email %}--register-unsafely-without-email{% else %}--email {{ site_email }}{% endif %}
-d {{ site_domain }}
-d {{ site_domain }}{% if not site_domain.startswith('www') %},www.{{ site_domain }}{% endif %}
{% if certbot_test_cert | bool %}--test-cert{% endif %}
--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services
--post-hook /etc/letsencrypt/renewal-hooks/post/start_services
Expand Down
24 changes: 0 additions & 24 deletions tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,30 +14,6 @@
- use_letsencrypt is defined
- use_letsencrypt

- name: Also retrieve certificate for www if DNS exists and matches
vars:
dns_ip: "{{ lookup('dig', 'www.' ~ site_domain) }}"
host_ips: "{{ ansible_all_ipv4_addresses }}"
ansible.builtin.set_fact:
certbot_create_command: >-
{{ certbot_package }} certonly
--standalone
--noninteractive
--agree-tos
--cert-name {{ site_domain }}
--allow-subset-of-names
{% if certbot_without_email | bool %}--register-unsafely-without-email{% else %}--email {{ site_email }}{% endif %}
-d {{ site_domain ~ "," ~ "www." ~ site_domain }}
{% if certbot_test_cert|bool %}--test-cert{% endif %}
--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services
--post-hook /etc/letsencrypt/renewal-hooks/post/start_services
when:
- use_letsencrypt is defined
- use_letsencrypt
- site_domain is defined
- site_domain | length > 0
- dns_ip in host_ips

- name: Use Let's Encrypt if specified
ansible.builtin.include_tasks: "letsencrypt.yml"
when:
Expand Down

0 comments on commit 4fa9980

Please sign in to comment.