ansible-nginx/tasks/ssl/acme.yml

---

- name: SET_FACT | Assign default..
  set_fact:
    acme_create: []

- name: STAT | Check if certificates are already installed
  stat:
    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
  with_items: "{{ nginx_ssl_pairs }}"
  when: item.acme is defined and item.acme
  register: acme_installed_certs

- name: SET_FACT | Assign var with certificates to create
  set_fact:
    acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port|default(80)]) }) ) ] }}"
  with_items: "{{ acme_installed_certs.results }}"
  when: item.skipped is not defined and not item.stat.exists

- name: TEMPLATE | Create fake site
  template:
    src: "etc/nginx/sites-available/_base.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
  with_items: "{{ acme_create }}"
  register: fake_site

- name: SERVICE | Restart nginx
  service:
    name: nginx
    state: restarted
  when: fake_site.changed and ansible_virtualization_type != 'docker'

- name: COMMAND | Restart nginx
  command: service nginx restart
  when: fake_site.changed and ansible_virtualization_type == 'docker'

- name: SHELL | Get certificates
  shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
  args:
    creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
  with_items: "{{ acme_create }}"
  register: acme_get
  failed_when: acme_get.rc != 0 and acme_get.rc != 2
  no_log: not nginx_debug_role

- name: FILE | Create SSL dir per site
  file:
    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
  with_items: "{{ acme_create }}"

- name: SHELL | Install certificates
  shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key'
  args:
    creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
  with_items: "{{ nginx_ssl_pairs }}"
  when: item.acme is defined and item.acme
  notify: restart nginx

- name: FILE | Delete fake sites
  file:
    path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
    state: absent
  with_items: "{{ acme_create }}"
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00			`---`

			`- name: SET_FACT \| Assign default..`
			`set_fact:`
			`acme_create: []`

			`- name: STAT \| Check if certificates are already installed`
			`stat:`
			`path: "{{ nginx_ssl_dir }}/{{ item \| nginx_site_name }}/{{ item \| nginx_site_name }}.crt"`
			`with_items: "{{ nginx_ssl_pairs }}"`
			`when: item.acme is defined and item.acme`
			`register: acme_installed_certs`

			`- name: SET_FACT \| Assign var with certificates to create`
			`set_fact:`
Fix acme when acme_port is not defined 2017-12-03 08:08:32 +07:00			`acme_create: "{{ acme_create \| default([]) + [ (item.item \| combine({'listen': ([item.item.acme_port\|default(80)]) }) ) ] }}"`
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00			`with_items: "{{ acme_installed_certs.results }}"`
			`when: item.skipped is not defined and not item.stat.exists`

			`- name: TEMPLATE \| Create fake site`
			`template:`
			`src: "etc/nginx/sites-available/_base.j2"`
			`dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item \| nginx_site_name }}.conf"`
			`with_items: "{{ acme_create }}"`
			`register: fake_site`

Manages Ansible 2.4+ with Docker Closes #30 2018-03-16 00:06:38 +07:00			`- name: SERVICE \| Restart nginx`
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00			`service:`
			`name: nginx`
Manages Ansible 2.4+ with Docker Closes #30 2018-03-16 00:06:38 +07:00			`state: restarted`
			`when: fake_site.changed and ansible_virtualization_type != 'docker'`

			`- name: COMMAND \| Restart nginx`
			`command: service nginx restart`
			`when: fake_site.changed and ansible_virtualization_type == 'docker'`
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00
			`- name: SHELL \| Get certificates`
			`shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'`
			`args:`
acme.sh : no_log + fix check created 2017-12-03 08:15:48 +07:00			`creates: "/root/.acme.sh/{{ item \| nginx_site_name }}/{{ item \| nginx_site_name }}.key"`
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00			`with_items: "{{ acme_create }}"`
			`register: acme_get`
			`failed_when: acme_get.rc != 0 and acme_get.rc != 2`
Add debug mode 2018-03-15 22:10:37 +07:00			`no_log: not nginx_debug_role`
Let's encript certificate with acme.sh 2017-12-03 04:22:28 +07:00
			`- name: FILE \| Create SSL dir per site`
			`file:`
			`path: "{{ nginx_ssl_dir }}/{{ item \| nginx_site_name }}"`
			`with_items: "{{ acme_create }}"`

			`- name: SHELL \| Install certificates`
			`shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item \| nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item \| nginx_site_name }}/{{ item \| nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item \| nginx_site_name }}/{{ item \| nginx_site_name }}.key'`
			`args:`
			`creates: "{{ nginx_ssl_dir }}/{{ item \| nginx_site_name }}/{{ item \| nginx_site_name }}.key"`
			`with_items: "{{ nginx_ssl_pairs }}"`
			`when: item.acme is defined and item.acme`
			`notify: restart nginx`

			`- name: FILE \| Delete fake sites`
			`file:`
			`path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item \| nginx_site_name }}.conf"`
			`state: absent`
			`with_items: "{{ acme_create }}"`