---
# Initialise acme_create as an empty list; a later task in this file appends
# to it the pairs whose certificate file was not found.
- name: SET_FACT | Assign default..
  set_fact:
    acme_create: []
# Stat the expected .crt path for every entry of nginx_ssl_pairs that has a
# truthy `acme` key. Entries without it are skipped, and the per-item results
# (skipped ones included) are stored in acme_installed_certs.
- name: STAT | Check if certificates are already installed
  stat:
    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
  loop: "{{ nginx_ssl_pairs }}"
  # A list of conditions is ANDed and evaluated in order, so item.acme is
  # only read once it is known to be defined.
  when:
    - item.acme is defined
    - item.acme
  register: acme_installed_certs
# Collect the pairs that still need a certificate: walk the stat results and
# append the original loop item (item.item) whenever the check actually ran
# and the .crt file does not exist.
- name: SET_FACT | Assign var with certificates to create
  set_fact:
    acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
  loop: "{{ acme_installed_certs.results }}"
  # Skipped results carry no `stat` key, so the `skipped` test must come first.
  when:
    - item.skipped is not defined
    - not item.stat.exists
# Render one FAKESITE_<site>.conf into conf.d for each pair that needs a
# certificate. Presumably this gives acme.sh's --nginx mode a server block to
# validate against before the real site is usable - confirm against the
# template. The result is registered as fake_site and drives the tasks below.
- name: TEMPLATE | Create fake site
  template:
    dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
    src: "etc/nginx/conf.d/FAKESITE.conf.j2"
  register: fake_site
  loop: "{{ acme_create }}"
# When a fake site was just written, remove the matching entry from
# sites-enabled for each pair in acme_create.
# NOTE(review): fake_site.changed is the aggregate flag of the looped
# template task, so one changed item triggers the removal for every pair.
- name: FILE | Delete current site if needed
  file:
    state: absent
    path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
  when: fake_site.changed
  loop: "{{ acme_create }}"
# Restart nginx through the service module so the fake sites are loaded.
# Runs only outside Docker; the COMMAND task that follows covers the Docker
# case.
- name: SERVICE | Restart nginx
  service:
    state: restarted
    name: nginx
  when:
    - fake_site.changed
    - ansible_virtualization_type != 'docker'
# Docker variant of the restart: call `service nginx restart` directly
# instead of going through the service module.
- name: COMMAND | Restart nginx
  command: service nginx restart
  args:
    # Silences the command module's "use the service module" hint.
    # NOTE(review): newer ansible-core releases dropped the `warn`
    # parameter - confirm against the Ansible version this role targets.
    warn: false
  when:
    - fake_site.changed
    - ansible_virtualization_type == 'docker'
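# Ask acme.sh to issue a certificate for every pair in acme_create, using its
# --nginx mode (and --test when nginx_acmesh_test is set). item.name may be a
# single string or a list of names; each one becomes its own -d argument.
#
# Each name is passed through the `quote` filter because the command runs in
# a shell: an unquoted value containing a glob character, a space or another
# shell metacharacter would be expanded or split by the shell before acme.sh
# sees it.
- name: SHELL | Get certificates
  shell: >-
    {{ nginx_acmesh_bin }} --issue
    {% if item.name is string %}
    -d {{ item.name | quote }}
    {% else %}
    {% for name in item.name %}
    -d {{ name | quote }}
    {% endfor %}
    {% endif %}
    --nginx
    {% if nginx_acmesh_test %}--test{% endif %}
  args:
    # Skip the command when the key already exists in acme.sh's home.
    # NOTE(review): the path assumes acme.sh is installed under /root.
    creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
  loop: "{{ acme_create }}"
  register: acme_get
  # Exit code 2 is tolerated; presumably acme.sh returns it when issuance is
  # skipped because a valid certificate is already present - confirm.
  failed_when: acme_get.rc != 0 and acme_get.rc != 2
  # no_log is a boolean field, not a conditional, so a bare `not ...`
  # expression is not evaluated the way `when` would evaluate it. Template it
  # explicitly so output is hidden unless nginx_debug_role is true.
  no_log: "{{ not nginx_debug_role }}"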
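# Make sure a per-site directory exists under nginx_ssl_dir for every pair in
# acme_create; the install task below writes the certificate and key there.
- name: FILE | Create SSL dir per site
  file:
    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
    # Without an explicit state the file module only reports on an existing
    # path and does not create a missing one, so request the directory.
    state: directory
    # NOTE(review): no owner/mode is set, so the directory takes the default
    # permissions; it will hold private keys - consider restricting it.
  loop: "{{ acme_create }}"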
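# Have acme.sh copy the issued full chain and private key into the per-site
# SSL directory, and register `service nginx restart` as its reload command.
# Runs for every ACME-enabled pair whose key is not yet in place.
#
# The site name and both target paths go through the `quote` filter because
# the command runs in a shell: a value with spaces, glob characters or other
# shell metacharacters would otherwise be split or expanded.
- name: SHELL | Install certificates
  shell: >-
    {{ nginx_acmesh_bin }} --install-cert
    -d {{ item | nginx_site_name | quote }}
    --fullchain-file {{ (nginx_ssl_dir ~ '/' ~ (item | nginx_site_name) ~ '/' ~ (item | nginx_site_name) ~ '.crt') | quote }}
    --key-file {{ (nginx_ssl_dir ~ '/' ~ (item | nginx_site_name) ~ '/' ~ (item | nginx_site_name) ~ '.key') | quote }}
    --reloadcmd "service nginx restart"
  args:
    # Skip the command once the key file has been installed.
    creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.acme is defined and item.acme
  notify: restart nginx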
# Clean up: remove the FAKESITE_<site>.conf files written earlier for the
# pairs in acme_create.
- name: FILE | Delete fake sites
  file:
    state: absent
    path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
  loop: "{{ acme_create }}"