--- - name: APT | Install git apt: pkg=git - name: SET_FACT | Assign default.. set_fact: acme_create: [] - name: STAT | Check acme.sh is installed stat: path: "{{ nginx_acmesh_dir }}" register: acme - block: - name: GIT | Get acme.sh git: repo: 'https://github.com/Neilpang/acme.sh.git' dest: '{{ nginx_acmesh_git_dir }}' update: no - name: SHELL | Install acme.sh shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }} args: chdir: "{{ nginx_acmesh_git_dir }}" creates: "{{ nginx_acmesh_dir }}" when: not acme.stat.exists - name: STAT | Check if certificates are already installed stat: path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt" with_items: "{{ nginx_ssl_pairs }}" when: item.acme is defined and item.acme register: acme_installed_certs - name: SET_FACT | Assign var with certificates to create set_fact: acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port|default(80)]) }) ) ] }}" with_items: "{{ acme_installed_certs.results }}" when: item.skipped is not defined and not item.stat.exists - name: TEMPLATE | Create fake site template: src: "etc/nginx/sites-available/_base.j2" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" with_items: "{{ acme_create }}" register: fake_site - name: SERVICE | Restart nginx service: name: nginx state: restarted when: fake_site.changed and ansible_virtualization_type != 'docker' - name: COMMAND | Restart nginx command: service nginx restart when: fake_site.changed and ansible_virtualization_type == 'docker' - name: SHELL | Get certificates shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}' args: creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" with_items: "{{ acme_create }}" register: acme_get failed_when: acme_get.rc != 0 and acme_get.rc != 2 no_log: not nginx_debug_role - name: FILE | Create SSL dir per site file: path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}" with_items: "{{ acme_create }}" - name: SHELL | Install certificates shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key' args: creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key" with_items: "{{ nginx_ssl_pairs }}" when: item.acme is defined and item.acme notify: restart nginx - name: FILE | Delete fake sites file: path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" state: absent with_items: "{{ acme_create }}"