Fix acme create

meta/main.yml

@@ -11,7 +11,9 @@ galaxy_info:
     - jessie
   - name: FreeBSD
     versions:
-    - 10.2
+    - 11.0
+    - 11.1
+    - 12.0
   galaxy_tags:
   - web
   - proxy

tasks/ssl/acme.yml

@@ -13,17 +13,24 @@
 
 - name: SET_FACT | Assign var with certificates to create
   set_fact:
-    acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port|default(80)]) }) ) ] }}"
+    acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
   with_items: "{{ acme_installed_certs.results }}"
   when: item.skipped is not defined and not item.stat.exists
 
 - name: TEMPLATE | Create fake site
   template:
-    src: "etc/nginx/sites-available/_base.j2"
+    src: "etc/nginx/conf.d/FAKESITE.conf.j2"
     dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
   with_items: "{{ acme_create }}"
   register: fake_site
 
+- name: FILE | Delete current site if needed
+  file:
+    path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
+    state: absent
+  with_items: "{{ acme_create }}"
+  when: fake_site.changed
+
 - name: SERVICE | Restart nginx
   service:
     name: nginx
@@ -49,7 +56,7 @@
   with_items: "{{ acme_create }}"
 
 - name: SHELL | Install certificates
-  shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key'
+  shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key --reloadcmd "service nginx restart"'
   args:
     creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
   with_items: "{{ nginx_ssl_pairs }}"

tasks/ssl/standard.yml

@@ -18,7 +18,7 @@
 
 - name: FILE | Create SSL directories
   file:
-    path: "{{ nginx_ssl_dir + '/' + item.name }}"
+    path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
     state: directory
   with_items: "{{ nginx_ssl_pairs }}"
   when: item.dest_key is not defined or item.dest_cert is not defined
@@ -27,7 +27,7 @@
 - name: COPY | Deploy SSL keys
   copy:
     content: "{{ item.key }}"
-    dest: "{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}"
+    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
     mode: 0640
   with_items: "{{ nginx_ssl_pairs }}"
   when: item.key is defined
@@ -37,7 +37,7 @@
 - name: COPY | Deploy SSL certs
   copy:
     content: "{{ item.cert }}"
-    dest: "{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
+    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
     mode: 0644
   with_items: "{{ nginx_ssl_pairs }}"
   when: item.cert is defined

templates/etc/nginx/conf.d/FAKESITE.conf.j2

@@ -0,0 +1,10 @@
+server {
+	listen {{ item.acme_port | default('80') }};
+	listen [::]:{{ item.acme_port | default('80') }};
+
+	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(" ") }}{% endif %}{% if item.redirect_from is defined %} {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ item.redirect_from | join(" ") }}{% endif %}{% endif %};
+
+	location / {
+		return 503;
+	}
+}

templates/etc/nginx/sites-available/_base.j2

@@ -1,7 +1,7 @@
 {% set __proto = item.proto | default(['http']) %}
 {% set __main_name =  item | nginx_site_filename %}
-{% set __listen = item.listen | default([80]) %}
-{% set __listen_ssl = item.listen_ssl | default([443]) %}
+{% set __listen = item.listen | default(['80', '[::]:80']) %}
+{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %}
 {% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
 {% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
 {% set __location = item.location | default({}) %}
@@ -17,7 +17,7 @@
 {%- endif %}
 {%- endmacro %}
 {% macro ssl(ssl_name) %}
-{% for sn in nginx_ssl_pairs if sn.name == ssl_name %}
+{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
 	ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' if sn.dest_cert is not defined else sn.dest_cert }};
 	ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
 {% endfor %}

tests/test.yml

@@ -72,7 +72,8 @@
     nginx_acmesh: true
     nginx_acmesh_test: true
     nginx_ssl_pairs:
-      - name: '{{ ngrok.stdout }}'
+      - name:
+          - '{{ ngrok.stdout }}'
         acme: true
         acme_port: 8888
       - name: 'test-ssl-predeployed.local'