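---
# Deploys TLS material for nginx: DH parameters, per-site key/cert pairs taken
# from nginx_ssl_pairs, and optional self-signed certificates.
#
# Loop items in nginx_ssl_pairs can carry private key content (item.key), so
# every task that loops over them sets no_log. no_log is not implicitly
# evaluated as an expression the way `when`/`until` are, so it is written as a
# full "{{ ... }}" template; a bare `not nginx_debug_role` string is not
# evaluated and output hiding would not follow nginx_debug_role.

- name: COMMAND | Generate DH file
  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
  args:
    # Skip generation when the DH file is already present.
    creates: "{{ nginx_dh_path }}"
  when: nginx_dh is not string
  notify: restart nginx
  # NOTE(review): no `poll:` is set here, so the default poll interval applies.
  # The "Check DH command status" task at the end of this file suggests the job
  # was meant to run in the background (poll: 0) -- confirm intent.
  async: 1000
  register: dh

- name: COPY | Deploy DH file from vars
  copy:
    content: "{{ nginx_dh }}"
    dest: "{{ nginx_dh_path }}"
  when: nginx_dh is string
  notify: restart nginx

- name: FILE | Create SSL directories
  file:
    path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
    state: directory
    # NOTE(review): no owner/group/mode is set, so the directory that will hold
    # private keys gets default permissions -- consider setting them explicitly.
  loop: "{{ nginx_ssl_pairs }}"
  # Only needed when at least one file falls back to the default per-site path.
  when: item.dest_key is not defined or item.dest_cert is not defined
  no_log: "{{ not nginx_debug_role }}"

- name: COPY | Deploy SSL keys
  copy:
    content: "{{ item.key }}"
    # Default is <nginx_ssl_dir>/<site>/<site>.key unless item.dest_key is given.
    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
    # Quoted so the mode is always read as an octal string, never as an integer.
    mode: "0640"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.key is defined
  notify: restart nginx
  # item.key is private key material: keep it out of task output unless debugging.
  no_log: "{{ not nginx_debug_role }}"

- name: COPY | Deploy SSL certs
  copy:
    content: "{{ item.cert }}"
    # Default is <nginx_ssl_dir>/<site>/<site>.crt unless item.dest_cert is given.
    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
    mode: "0644"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.cert is defined
  notify: restart nginx
  # The loop item may also carry item.key, so the whole item is hidden.
  no_log: "{{ not nginx_debug_role }}"

- name: COMMAND | Create self-signed certificates
  # Creates an unencrypted (-nodes) RSA 2048 key and a 3650-day self-signed
  # certificate whose CN is the site name.
  # NOTE(review): the generated .key keeps whatever permissions openssl and the
  # umask produce; the 0640 mode above is only applied to keys deployed from
  # item.key -- consider an explicit permission fix-up for generated keys.
  command: "openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' -keyout {{ item | nginx_site_name + '.key' }} -out {{ item | nginx_site_name + '.crt' }}"
  args:
    chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
    # When item.force is truthy, `creates` points at /tmp/dummy so the command
    # runs on every play. NOTE(review): this only works while /tmp/dummy does
    # not exist; if that path is ever present, forced regeneration is silently
    # skipped.
    creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
  loop: "{{ nginx_ssl_pairs }}"
  # NOTE(review): tests only that self_signed is defined, so `self_signed: false`
  # still triggers generation -- confirm this is intended.
  when: item.self_signed is defined
  notify: restart nginx
  no_log: "{{ not nginx_debug_role }}"

- name: Check DH command status
  # Polls the job registered by "Generate DH file" until it reports finished.
  async_status:
    jid: "{{ dh.ansible_job_id }}"
  register: job_result
  until: job_result.finished
  # NOTE(review): 30 retries at the default delay may be shorter than the
  # 1000 s async window of the generation task -- verify for large DH sizes.
  retries: 30
  # Skipped in check mode and when the DH file comes from the nginx_dh variable.
  when: not ansible_check_mode and nginx_dh is not string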