diff --git a/tasks/main.yml b/tasks/main.yml
index 6e72480..07d0e71 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -31,7 +31,7 @@
 dest: "{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh"
 owner: root
 group: root
- mode: "0600"
+ mode: "0700"
 when: item.hook is defined
 loop: "{{ lego_certificates }}"
 loop_control:
@@ -47,7 +47,7 @@
 --dns="cloudflare"
 {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }}
 run
- {{ '--run-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }}
+ {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + item.name + '.sh"' if item.hook is defined else '' }}
 args:
 creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
 environment:
diff --git a/templates/cron-lego-renew.sh.j2 b/templates/cron-lego-renew.sh.j2
index 5cc17c6..c45f64e 100644
--- a/templates/cron-lego-renew.sh.j2
+++ b/templates/cron-lego-renew.sh.j2
@@ -1,4 +1,4 @@
-#!/bin/env bash
+#!/usr/bin/env bash
 # run this script daily to renew any letsencrypt certs that need renewing
 # renew cert if it expires within 30 days 
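Review bot: In the `@@ -47,7 +47,7 @@` hunk of tasks/main.yml, the new `--run-hook` value splices `__lego_base_dir` and `item.name` into the command string between hand-written double quotes, so a certificate name containing a quote, `$` or a path separator would alter the command or point the hook outside the `bin` directory. lego executes whatever this path names, presumably as root given the hook file's `owner: root`, so I would let Jinja quote it, `{{ '--run-hook=' + (__lego_base_dir + '/bin/hook-' + item.name + '.sh') | quote if item.hook is defined else '' }}`, and check `item.name` against a conservative pattern earlier in the role. The same concatenation appears on the `renew` line in templates/cron-lego-renew.sh.j2. The task's module line is outside the hunk, so whether a shell parses this string is an assumption to confirm.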
@@ -8,6 +8,6 @@ export CLOUDFLARE_DNS_API_TOKEN="{{ lego_cloudflare_api_token }}" {% for cert in lego_certificates %} echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}." -{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--renew-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30 +{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30 {% endfor %}
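Review bot: The rewritten `renew` line swaps `--renew-hook` for `--run-hook`, which looks like a copy from the `run` task rather than an intended change. As far as I know, lego registers `--run-hook` on `run` and `--renew-hook` on `renew`, so the daily cron job may exit on an unknown flag and the certificates would stop renewing. Unless the lego version this role installs accepts `--run-hook` on `renew`, keep the flag name and change only the path: `{{ '--renew-hook="' + __lego_base_dir + '/bin/hook-' + cert.name + '.sh"' if cert.hook is defined else '' }}`. Nothing in the visible part of the script checks the exit status of the lego call, so a failure here would surface only in cron output or at expiry.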