From 4d8a4198b83382c54d1d8a371d06b0e225b7ab71 Mon Sep 17 00:00:00 2001
From: Sean Combs
Date: Mon, 4 Dec 2023 09:26:40 -0500
Subject: [PATCH] NGX-799: Update Letsencrypt
---
 defaults/main.yml | 2 +-
 tasks/main.yml | 24 ------------------------
 2 files changed, 1 insertion(+), 25 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 7169896..69d8031 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,7 +10,7 @@ certbot_create_command: >-
 --cert-name {{ site_domain }}
 --allow-subset-of-names
 {% if certbot_without_email %}--register-unsafely-without-email{% else %}--email {{ site_email }}{% endif %}
- -d {{ site_domain }}
+ -d {{ site_domain }}{% if not site_domain.startswith('www') %},www.{{ site_domain }}{% endif %}
 {% if certbot_test_cert | bool %}--test-cert{% endif %}
 --pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services
 --post-hook /etc/letsencrypt/renewal-hooks/post/start_services
diff --git a/tasks/main.yml b/tasks/main.yml
index df78795..c2c11bc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
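Review bot: The condition on the new `-d` line, `site_domain.startswith('www')`, also matches names such as `wwwexample.com` or `www2.example.com`, so the test should include the dot: `{% if not site_domain.startswith('www.') %}`. The www name is now requested for every other domain, while the task this commit removes from tasks/main.yml only added it when `lookup('dig', 'www.' ~ site_domain)` returned one of the host's IPv4 addresses and `site_domain` was defined and non-empty. With `--allow-subset-of-names` in the same command a failed www validation presumably does not abort issuance, but the certificate would then lack the www name and the failing validation would repeat on later runs; a boolean role default to opt out, or a comment above `certbot_create_command` stating that www DNS must point at this host, would make that explicit. The folded scalar starts above this hunk, so the rest of the command is not visible here.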
@@ -14,30 +14,6 @@
 - use_letsencrypt is defined
 - use_letsencrypt

-- name: Also retrieve certificate for www if DNS exists and matches
- vars:
- dns_ip: "{{ lookup('dig', 'www.' ~ site_domain) }}"
- host_ips: "{{ ansible_all_ipv4_addresses }}"
- ansible.builtin.set_fact:
- certbot_create_command: >-
- {{ certbot_package }} certonly
- --standalone
- --noninteractive
- --agree-tos
- --cert-name {{ site_domain }}
- --allow-subset-of-names
- {% if certbot_without_email | bool %}--register-unsafely-without-email{% else %}--email {{ site_email }}{% endif %}
- -d {{ site_domain ~ "," ~ "www." ~ site_domain }}
- {% if certbot_test_cert|bool %}--test-cert{% endif %}
- --pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services
- --post-hook /etc/letsencrypt/renewal-hooks/post/start_services
- when:
- - use_letsencrypt is defined
- - use_letsencrypt
- - site_domain is defined
- - site_domain | length > 0
- - dns_ip in host_ips
-
 - name: Use Let's Encrypt if specified
 ansible.builtin.include_tasks: "letsencrypt.yml"
 when: