Commit 5eb78db9 authored by Jocelyn Delalande's avatar Jocelyn Delalande

letsencrypt: implement multi-cert

parent f1762cdc
......@@ -6,7 +6,7 @@
letsencrypt_webroot_path: /var/www
letsencrypt_authenticator: webroot
letsencrypt_email: "webmaster@{{ ansible_domain }}"
letsencrypt_command: "{{ letsencrypt_venv }}/bin/letsencrypt --agree-tos {% if letsencrypt_rsa_key_size is defined %}--rsa-key-size {{ letsencrypt_rsa_key_size }}{% endif %} --text {% for domain in letsencrypt_cert_domains %}-d {{ domain }} {% endfor %}--email {{ letsencrypt_email }} {% if letsencrypt_server is defined %}--server {{ letsencrypt_server }}{% endif %} --expand"
letsencrypt_command: "{{ letsencrypt_venv }}/bin/letsencrypt --agree-tos {% if letsencrypt_rsa_key_size is defined %}--rsa-key-size {{ letsencrypt_rsa_key_size }}{% endif %} --text --email {{ letsencrypt_email }} {% if letsencrypt_server is defined %}--server {{ letsencrypt_server }}{% endif %} --expand "
letsencrypt_renewal_frequency:
day: "*"
hour: 0
......
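Review bot: The new `letsencrypt_command` no longer names any domain, since the `{% for domain in letsencrypt_cert_domains %}-d …` loop is gone, so every consumer of this variable now has to append its own `-d`. Only the webroot task is visible on this page; the renewal job implied by `letsencrypt_renewal_frequency` is not, and if it still runs `letsencrypt_command` as-is it would be invoked without domains. A comment above the variable would make the contract explicit, for example `# Domains are appended per call site with -d; do not run this string on its own.` The trailing space after `--expand` inside the quotes is harmless but can be dropped.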
......@@ -41,9 +41,10 @@
file: path="{{ letsencrypt_webroot_path }}" state=directory recurse=yes mode="a+rw"
- name: Attempt to get the certificate using the webroot authenticator
command: "{{ letsencrypt_command }} -a webroot --webroot-path {{ letsencrypt_webroot_path }} certonly"
command: "{{ letsencrypt_command }} -a webroot --webroot-path {{ letsencrypt_webroot_path }} certonly -d {{ item }}"
args:
creates: "/etc/letsencrypt/live/{{ letsencrypt_cert_domains[0] }}"
creates: "/etc/letsencrypt/live/{{ item }}"
with_items: letsencrypt_cert_domains
# - name: Fix the webroot map in the renewal file
# ini_file: section="[webroot_map]" option={{ item }} value={{ letsencrypt_webroot_path }} dest="/etc/letsencrypt/renewal/{{ letsencrypt_cert_domains[0] }}.conf"
......
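Review bot: `with_items: letsencrypt_cert_domains` passes a bare variable name, which newer Ansible releases no longer expand, so the loop would run once with that literal string as the domain; write `with_items: "{{ letsencrypt_cert_domains }}"`. Each `{{ item }}` is also placed unquoted into the command line and the `creates` path, so an entry containing whitespace would be split into extra letsencrypt arguments; `-d {{ item | quote }}` keeps it a single argument, and a check on the list contents before this task would catch malformed names early. Separately, the unchanged `file` task above leaves the webroot recursively `a+rw`, and that directory now backs the challenge for every listed domain, so it is worth restricting write access to the account that needs it. The commented-out renewal-file task still refers to `letsencrypt_cert_domains[0]` and would need the same per-item treatment if it is ever re-enabled.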