Let's encript certificate with acme.sh

tasks/main.yml

@@ -5,7 +5,7 @@
   tags: ['nginx::site', 'nginx::ssl']
 
 - name: INCLUDE | Install
-  include: install_{{ ansible_distribution }}.yml
+  include: "install_{{ ansible_distribution }}.yml"
   tags: ['nginx::site', 'nginx::ssl']
 
 - name: INCLUDE | Prepare
@@ -26,7 +26,7 @@
   include: htpasswd.yml
 
 - name: INCLUDE | SSL configuration
-  include: ssl.yml
+  include: ssl/main.yml
   tags: ['nginx::ssl']
 
 - name: INCLUDE | Sites configuration

tasks/ssl/acme.yml

@@ -0,0 +1,82 @@
+---
+
+- name: APT | Install git
+  apt: pkg=git
+
+- name: SET_FACT | Assign default..
+  set_fact:
+    acme_create: []
+
+- name: STAT | Check acme.sh is installed
+  stat:
+    path: "{{ nginx_acmesh_dir }}"
+  register: acme
+
+- block:
+
+  - name: GIT | Get acme.sh
+    git:
+      repo: 'https://github.com/Neilpang/acme.sh.git'
+      dest: '{{ nginx_acmesh_git_dir }}'
+      update: no
+
+  - name: SHELL | Install acme.sh
+    shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
+    args:
+      chdir: "{{ nginx_acmesh_git_dir }}"
+      creates: "{{ nginx_acmesh_dir }}"
+
+  when: not acme.stat.exists
+
+- name: STAT | Check if certificates are already installed
+  stat:
+    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
+  with_items: "{{ nginx_ssl_pairs }}"
+  when: item.acme is defined and item.acme
+  register: acme_installed_certs
+
+- name: SET_FACT | Assign var with certificates to create
+  set_fact:
+    acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port]|default([])) }) ) ] }}"
+  with_items: "{{ acme_installed_certs.results }}"
+  when: item.skipped is not defined and not item.stat.exists
+
+- name: TEMPLATE | Create fake site
+  template:
+    src: "etc/nginx/sites-available/_base.j2"
+    dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
+  with_items: "{{ acme_create }}"
+  register: fake_site
+
+- name: SERVICE | Reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  when: fake_site.changed
+
+- name: SHELL | Get certificates
+  shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
+  args:
+    creates: "/opt/acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
+  with_items: "{{ acme_create }}"
+  register: acme_get
+  failed_when: acme_get.rc != 0 and acme_get.rc != 2
+
+- name: FILE | Create SSL dir per site
+  file:
+    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
+  with_items: "{{ acme_create }}"
+
+- name: SHELL | Install certificates
+  shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key'
+  args:
+    creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
+  with_items: "{{ nginx_ssl_pairs }}"
+  when: item.acme is defined and item.acme
+  notify: restart nginx
+
+- name: FILE | Delete fake sites
+  file:
+    path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
+    state: absent
+  with_items: "{{ acme_create }}"

tasks/ssl/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: INCLUDE | standard.yml
+  include: standard.yml
+
+- name: INCLUDE | acme.yml
+  include: acme.yml
+  when: nginx_acmesh