aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-03-04 18:39:50 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:08 +0800
commit161c8d21059ca3e709f03de9205e24ef0820c3d0 (patch)
tree3a6737ae0541b6dcbb6513358484a6e16dece6f4 /roles
parentb9ce06b9729574cd79f494dcd7c01dcc381ac708 (diff)
downloadansible-dfly-vps-161c8d21059ca3e709f03de9205e24ef0820c3d0.tar.bz2
web: setup acme periodic tasks for cert renewal
Diffstat (limited to 'roles')
-rw-r--r--roles/web/tasks/main.yml14
1 files changed, 12 insertions, 2 deletions
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 5d736a4..e2b71b7 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -17,7 +17,7 @@
- name: (local) ssl/tls - generate dhparam (4096 bit)
become: false
command: >
- openssl dhparam
+ openssl dhparam
-out "{{ playbook_dir }}/ssl/dhparam4096.pem" 4096
delegate_to: localhost
when: not stat_result.stat.exists
@@ -83,7 +83,7 @@
- name: (local) acme - generate account private key (4096 bit)
become: false
command: >
- openssl genrsa
+ openssl genrsa
-out "{{ playbook_dir }}/private/acme/privkey.pem" 4096
delegate_to: localhost
when: not stat_result.stat.exists
@@ -123,6 +123,16 @@
- name: acme - request domain certificates
command: sh /usr/local/etc/acme/acme-client.sh -e
+- name: acme - setup periodic tasks for cert renewal
+ blockinfile:
+ path: /etc/periodic.conf
+ marker: "# {mark} ANSIBLE MANAGED - acme"
+ block: |
+ # Auto renew certificates with acme-client
+ weekly_acme_client_enable="YES"
+ weekly_acme_client_renewscript="/usr/local/etc/acme/acme-client.sh"
+ weekly_acme_client_deployscript="/usr/local/etc/acme/deploy.sh"
+
- name: nginx - re-generate sites
include_tasks: nginx-gensites.yml
notify: reload-nginx