Verified Commit 9e730ab6 authored by Jan Alexander Steffens (heftig)

certificate: Allow passing an explicit name

Don't require the cert to have the same name as the first domain.
parent 92376891
- name: Create ssl cert (HTTP-01)
- name: Create ssl cert (HTTP-01) named {{ cert_name | default(domains | first) }}
shell: |
set -o pipefail
# We can't start nginx without the certificate and we can't issue a certificate without nginx running.
# So use Python built-in http.server for the initial certificate issuance
python -m http.server --directory {{ letsencrypt_validation_dir }} 80 &
trap "jobs -p | xargs --no-run-if-empty kill" EXIT
certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ domains | join(' -d ') }}
certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d {{ domains | join(' -d ') }} --cert-name {{ cert_name | default(domains | first) }}
args:
creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
creates: '/etc/letsencrypt/live/{{ cert_name | default(domains | first) }}/fullchain.pem'
when: challenge | default(certificate_challenge) == "HTTP-01"
- name: Create ssl cert (DNS-01)
command: certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini -d {{ domains | join(' -d ') }}
- name: Create ssl cert (DNS-01) named {{ cert_name | default(domains | first) }}
command: certbot certonly --email {{ certificate_contact_email }} --agree-tos --key-type ecdsa --renew-by-default --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini -d {{ domains | join(' -d ') }} --cert-name {{ cert_name | default(domains | first) }}
args:
creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
creates: '/etc/letsencrypt/live/{{ cert_name | default(domains | first) }}/fullchain.pem'
when: challenge | default(certificate_challenge) == "DNS-01"
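Review bot: The new `--cert-name {{ cert_name | default(domains | first) }}` in the HTTP-01 task is interpolated into a `shell:` script unquoted, so a name containing whitespace or shell metacharacters would be split or interpreted by the shell; I'd write `--cert-name {{ cert_name | default(domains | first) | quote }}` there and on the DNS-01 `command:` line. The same value also becomes a path component in both `creates:` lines, so it is worth asserting that it contains no `/` before it is used. Hosts that already hold a certificate under the first-domain directory and later set `cert_name` will no longer match `creates:` and will presumably issue a second lineage, which deserves a comment on the task. Anything outside this section that reads `/etc/letsencrypt/live/<first domain>/` (not visible here) needs the same expression.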