diff --git a/defaults/main.yml b/defaults/main.yml index 701a8dd..a5feb33 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,23 +1,14 @@ --- lego_version: 4.18.0 -lego_server: https://acme-v02.api.letsencrypt.org/directory +lego_acme_server: https://acme-v02.api.letsencrypt.org +lego_acme_account__email: "" -lego_cloudflare_email: "" -lego_cloudflare_api_key: "" - -# @var lego_accounts:example: > -# lego_accounts: -# - account_email: user@example.com -# account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c" -# account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c" -# @end -lego_accounts: [] +lego_cloudflare_api_token: "" # @var lego_certificates:example: # lego_certificates: -# - account_email: user@example.com -# domains: +# - domains: # - example.com # - www.example.com # skip_create: False diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 44f1c13..f77def3 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -2,14 +2,10 @@ - name: Converge hosts: all vars: - lego_server: https://acme-staging-v02.api.letsencrypt.org/directory - lego_accounts: - - account_email: user@example.com - account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c" - account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c" + lego_acme_server: https://acme-staging-v02.api.letsencrypt.org + lego_acme_account_email: user@example.com lego_certificates: - - account_email: user@example.com - domains: + - domains: - example.com - www.example.com skip_create: True diff --git a/tasks/main.yml b/tasks/main.yml index f1737f6..0c2d317 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,7 +15,6 @@ owner: root group: root mode: "0750" - recurse: True - name: Create LetsEncrypt certificates directory ansible.builtin.file: 
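Review bot: The new default is declared as `lego_acme_account__email` (double underscore), while converge.yml, tasks/main.yml and the cron template in this same commit all read `lego_acme_account_email`; as written the role only works when a caller happens to set the correctly spelled variable, and otherwise the `--email="{{ lego_acme_account_email }}"` templating would presumably fail on an undefined variable. Fix the key: `lego_acme_account_email: ""`. Since `lego_server`, `lego_cloudflare_email`, `lego_cloudflare_api_key` and `lego_accounts` are dropped with no fallback, a comment above the new keys noting the rename, and that `lego_acme_server` is given without the `/directory` suffix because the tasks append it, would spare users a silent regression. The token default also deserves a line such as `# Cloudflare API token restricted to Zone:DNS:Edit for the zones listed in lego_certificates; supply it via Ansible Vault, never in plain text` — moving off the global API key only helps if the token is actually scoped.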
@@ -26,54 +25,18 @@ mode: "0700" recurse: True -- name: Create LetsEncrypt account directory - ansible.builtin.file: - path: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email }}/keys" - state: directory - owner: root - group: root - mode: "0700" - recurse: True - loop: "{{ lego_accounts }}" - loop_control: - label: "{{ item.account_email }}" - -- name: Deploy account json - ansible.builtin.template: - dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/account.json" - group: root - owner: root - mode: "0600" - src: account.json.j2 - loop: "{{ lego_accounts }}" - loop_control: - label: "{{ item.account_email }}" - -- name: Deploy account key - ansible.builtin.copy: - content: "{{ item.account_key }}" - dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/keys/{{ item.account_email }}.key" - owner: root - group: root - mode: "0600" - diff: False - loop: "{{ lego_accounts }}" - loop_control: - label: "{{ item.account_email }}" - - name: Obtain certificates for domains - ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ item.account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run' + ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run' args: creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt" environment: - LEGO_SERVER: "{{ lego_server }}" + LEGO_SERVER: "{{ lego_acme_server }}/directory" LEGO_PATH: "{{ __lego_base_dir }}/.lego" - CLOUDFLARE_EMAIL: "{{ lego_cloudflare_email }}" - CLOUDFLARE_API_KEY: "{{ lego_cloudflare_api_key }}" - when: not item.skip_create | bool + CLOUDFLARE_API_TOKEN: "{{ lego_cloudflare_api_token }}" + when: not item.skip_create | default(False) | bool loop: "{{ lego_certificates }}" loop_control: - label: "{{ 
item.account_email }}" + label: "{{ item.domains[0] }}" - name: Add cron scipt to renew certificates ansible.builtin.template: diff --git a/templates/account.json.j2 b/templates/account.json.j2 deleted file mode 100644 index faa4e14..0000000 --- a/templates/account.json.j2 +++ /dev/null @@ -1,12 +0,0 @@ -{ - "email": "{{ item.account_email }}", - "registration": { - "body": { - "status": "valid", - "contact": [ - "mailto:{{ item.account_email }}" - ] - }, - "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/{{ item.account_number }}" - } -} diff --git a/templates/cron_lego_renew.sh.j2 b/templates/cron_lego_renew.sh.j2 index 5596feb..cb2ebc8 100644 --- a/templates/cron_lego_renew.sh.j2 +++ b/templates/cron_lego_renew.sh.j2 @@ -2,14 +2,13 @@ # run this script daily to renew any letsencrypt certs that need renewing # renew cert if it expires within 30 days -export LEGO_SERVER="{{ lego_server }}" +export LEGO_SERVER="{{ lego_acme_server }}/directory" export LEGO_PATH="{{ __lego_base_dir }}/.lego" -export CLOUDFLARE_EMAIL="{{ lego_cloudflare_email }}" -export CLOUDFLARE_API_KEY="{{ lego_cloudflare_api_key }}" +export CLOUDFLARE_API_TOKEN="{{ lego_cloudflare_api_token }}" {% for cert in lego_certificates %} echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}." -{{ __lego_bin_file }} --email="{{ cert.account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30 +{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30 {% endfor %}
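Review bot: The "Obtain certificates for domains" task now hands `CLOUDFLARE_API_TOKEN` to lego through `environment:` but carries no `no_log: true`; as far as I can tell from how the `environment:` keyword is implemented, those variables are prefixed to the remote command and appear in `-vvv` output, so a verbose or failing run can write the token to console and log files. Add `no_log: true` next to `loop_control`, accepting that lego's stdout/stderr then has to be read on the host rather than from the play output. The `creates:` guard keys only on `item.domains[0]`, so adding a SAN to an existing entry never re-runs `lego run`; that is pre-existing, but a comment such as `# only the first domain is the idempotence marker; changing the SAN list requires removing the .crt` would document the limitation. The "Add cron scipt" task whose header is the hunk's last context line continues outside the hunk.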
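Review bot: The renewal script now embeds the Cloudflare token in plaintext via `export CLOUDFLARE_API_TOKEN="{{ lego_cloudflare_api_token }}"`, and the value is interpolated without shell quoting, so a token containing `"`, `$` or a backtick would be mangled or expanded; the same holds for the `--email=` argument. Use `export CLOUDFLARE_API_TOKEN={{ lego_cloudflare_api_token | quote }}` and `--email={{ lego_acme_account_email | quote }}`. Because the secret now lives on disk, the template task that deploys this script (outside this hunk) needs root ownership with a `0700`/`0600` mode and `diff: false` or `no_log: true` so the token does not surface in `--diff` output; please confirm it sets those. A comment above the exports such as `# contains the Cloudflare DNS token: keep this file root-only` would make the sensitivity obvious to the next editor.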