author | Aaron LI <aly@aaronly.me> | 2018-03-04 18:39:50 +0800 |
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | 161c8d21059ca3e709f03de9205e24ef0820c3d0 (patch) | |
tree | 3a6737ae0541b6dcbb6513358484a6e16dece6f4 /roles | |
parent | b9ce06b9729574cd79f494dcd7c01dcc381ac708 (diff) | |
download | ansible-dfly-vps-161c8d21059ca3e709f03de9205e24ef0820c3d0.tar.bz2 |
web: setup acme periodic tasks for cert renewal
Diffstat (limited to 'roles')
-rw-r--r-- | roles/web/tasks/main.yml | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 5d736a4..e2b71b7 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -17,7 +17,7 @@
 - name: (local) ssl/tls - generate dhparam (4096 bit)
   become: false
   command: >
-    openssl dhparam
+    openssl dhparam
     -out "{{ playbook_dir }}/ssl/dhparam4096.pem" 4096
   delegate_to: localhost
   when: not stat_result.stat.exists
@@ -83,7 +83,7 @@
 - name: (local) acme - generate account private key (4096 bit)
   become: false
   command: >
-    openssl genrsa
+    openssl genrsa
     -out "{{ playbook_dir }}/private/acme/privkey.pem" 4096
   delegate_to: localhost
   when: not stat_result.stat.exists
@@ -123,6 +123,16 @@
 - name: acme - request domain certificates
   command: sh /usr/local/etc/acme/acme-client.sh -e
 
+- name: acme - setup periodic tasks for cert renewal
+  blockinfile:
+    path: /etc/periodic.conf
+    marker: "# {mark} ANSIBLE MANAGED - acme"
+    block: |
+      # Auto renew certificates with acme-client
+      weekly_acme_client_enable="YES"
+      weekly_acme_client_renewscript="/usr/local/etc/acme/acme-client.sh"
+      weekly_acme_client_deployscript="/usr/local/etc/acme/deploy.sh"
+
 - name: nginx - re-generate sites
   include_tasks: nginx-gensites.yml
   notify: reload-nginx
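Review bot: The new `blockinfile` task in the third hunk will fail on a host where `/etc/periodic.conf` does not yet exist, because `blockinfile` does not create the target file unless told to, and on BSD-style systems that file is typically absent by default (only the defaults file ships) — add `create: true` under `path:` so the renewal configuration is written on a fresh host. While there, consider pinning the file's permissions with `mode: "0644"` (quoted, so the octal is not retyped) so the task is fully declarative about what the managed config looks like. Since the renewal now happens unattended, it is worth checking that failures of the weekly run are actually surfaced — periodic(8) only reports via root's mail unless configured otherwise, so a missed renewal may go unnoticed until the certificate expires; that is outside this hunk but follows from it. The first two hunks appear to be whitespace-only (the removed and added `openssl` lines read identically here), so nothing to raise there.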