Merge branch 'cert-stuff-note' into 'master'

certificate: Explain why we use Python http.server See merge request !268

Merge branch 'cert-stuff-note' into 'master'
certificate: Explain why we use Python http.server See merge request !268
5befc1f2 · Sven-Hendrik Haase · 42f5ceb4 · e8b1d8dd · 5befc1f2
Commit 5befc1f2 authored Jan 10, 2021 by Sven-Hendrik Haase
--- a/roles/certificate/tasks/main.yml
+++ b/roles/certificate/tasks/main.yml
 - name: create ssl cert
  shell: |
    set -o pipefail
+    # We can't start nginx without the certificate and we can't issue a certificate without nginx running.
+    # So use Python built-in http.server for the initial certificate issuance
    python -m http.server --directory {{ letsencrypt_validation_dir }} 80 &
    trap "jobs -p | xargs --no-run-if-empty kill" EXIT
    certbot certonly --email {{ certificate_contact_email }} --agree-tos --rsa-key-size {{ certificate_rsa_key_size }} --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ domains | join(' -d ') }}