diff --git a/defaults/main.yml b/defaults/main.yml
index 44fe2c3..f173e27 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,9 +2,13 @@
 lego_version: 4.18.0
 lego_acme_server: https://acme-v02.api.letsencrypt.org
-lego_acme_account_email: ""
+# @var lego_acme_account_email:example: $ "user@example.com"
+# @var lego_acme_account_email:value: $ "_unset_"
-lego_cloudflare_api_token: ""
+# @var lego_cloudflare_api_token:value: $ "_unset_"
+# @var lego_cloudflare_api_token:example: $ "_dhTdcj9g9s7gcpbN7qsh9CR3RMVHdM7v"
+
+lego_dns_resolvers: []
 lego_key_type: "ec256"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index f77def3..81c3dba 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -5,7 +5,8 @@
 lego_acme_server: https://acme-staging-v02.api.letsencrypt.org
 lego_acme_account_email: user@example.com
 lego_certificates:
- - domains:
+ - name: example
+ domains:
 - example.com
 - www.example.com
 skip_create: True
diff --git a/tasks/main.yml b/tasks/main.yml
index 854d132..6e72480 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -45,8 +45,9 @@
 --domains {{ " --domains ".join(item.domains) }}
 --key-type="{{ lego_key_type }}"
 --dns="cloudflare"
+ {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }}
 run
- {{ '--run-hook="{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh"' if item.hook is defined else '' }}
+ {{ '--run-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }}
 args:
 creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
 environment:
diff --git a/templates/cron-lego-renew.sh.j2 b/templates/cron-lego-renew.sh.j2
index 732533e..5cc17c6 100644
--- a/templates/cron-lego-renew.sh.j2
+++ b/templates/cron-lego-renew.sh.j2
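Review bot: Replacing the `lego_cloudflare_api_token` and `lego_acme_account_email` defaults with `@var` comments means a play that forgets to set them now dies on an undefined-variable error at the first task or template that references them, instead of silently exporting an empty token; that is the safer failure mode, but it surfaces deep in the role and the error text quotes the surrounding template line. An explicit `ansible.builtin.assert` at the start of the role with `that: ["lego_cloudflare_api_token is defined", "lego_cloudflare_api_token | length > 0", "lego_acme_account_email is defined"]` and a `fail_msg` that does not echo the value would fail early with a clear message. The new `lego_dns_resolvers: []` carries no annotation; add `# @var lego_dns_resolvers:description: $ Resolvers (host:port) passed to lego as --dns.resolvers; empty leaves lego's defaults in place` so the expected entry format is documented. The `:example:` token is a high-entropy string that secret scanners may flag and that a reader cannot tell apart from a real credential; an obviously synthetic placeholder such as `"_REPLACE_WITH_CLOUDFLARE_API_TOKEN"` avoids both.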
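Review bot: The added `--run-hook` line reads `cert.name` and `cert.hook`, but this task loops over `item` — see `item.domains` three lines up and `item.domains[0]` in the `creates:` argument; with Ansible's chainable undefined, `cert.hook is defined` quietly evaluates to false instead of erroring, so the hook is never passed on the initial `run` and the breakage goes unnoticed. It should be `{{ '--run-hook="hook-' + item.name + '.sh"' if item.hook is defined else '' }}` (the expression appears to have been copied from the cron template, where `cert` is the loop variable). The old line also used the absolute `{{ __lego_base_dir }}/bin/` path, while the new one is a bare filename; lego launches hooks through Go's exec package, which, to my recollection, resolves a name without a path separator via PATH rather than the working directory, so either restore the absolute path (`__lego_base_dir ~ '/bin/hook-' ~ item.name ~ '.sh'`) or confirm the task's environment makes it findable. The task definition starts above the hunk.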
@@ -8,6 +8,6 @@ export CLOUDFLARE_DNS_API_TOKEN="{{ lego_cloudflare_api_token }}"
 {% for cert in lego_certificates %}
 echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}."
-{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" renew {{ '--run-hook="hook-{{ item.name }}.sh"' if item.hook is defined else '' }} --days 30
+{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--renew-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30
 {% endfor %}
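Review bot: `--renew-hook="hook-<name>.sh"` on the new line is a bare filename, and this script runs from cron with a minimal PATH and a home-directory cwd; lego hands the hook to Go's exec package, which, to my recollection, looks up a name without a path separator through PATH rather than the current directory, so the renew hook will likely not be found unless something above this hunk sets PATH or changes into the hook directory. An absolute path, e.g. `--renew-hook="{{ __lego_base_dir }}/bin/hook-{{ cert.name }}.sh"` (if `__lego_base_dir` is in scope here as `__lego_bin_file` is), removes that dependency on cron's environment. The rendered line is a shell command and the new `lego_dns_resolvers` entries are interpolated unvalidated into a double-quoted argument, so an entry containing `"`, `$` or whitespace breaks out of the quoting; they are operator-supplied role variables, but building the argument as `'--dns.resolvers=' + (lego_dns_resolvers | join(',') | quote)` or asserting each entry matches a `host:port` pattern would make that contract explicit.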