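---
# Installs go-acme/lego, obtains certificates through the Cloudflare DNS-01
# challenge, and schedules renewal. Everything under {{ __lego_base_dir }} is
# root-owned and group/world-inaccessible because the ACME account key, the
# certificate private keys and the hook scripts live there.
#
# Variables referenced here but defined elsewhere in the role (not visible in
# this file): lego_version, __lego_bin_dir, __lego_bin_name, __lego_bin_file,
# __lego_base_dir, lego_certificates, lego_acme_account_email, lego_key_type,
# lego_dns_resolvers, lego_acme_server, lego_cloudflare_api_token,
# lego_cron_hour, lego_cron_minute, lego_cron_enabled.

- name: Create lego base dir
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/bin"
    state: directory
    owner: root
    group: root
    mode: "0750"

- name: Download lego release archive
  # The binary is fetched from GitHub. TLS only protects the transport, not
  # the release itself, so set lego_checksum (e.g. "sha256:<hex>", taken from
  # the published checksums of the pinned release) to reject a substituted or
  # tampered archive. When lego_checksum is unset the download is unverified,
  # exactly as before this check was added.
  ansible.builtin.get_url:
    url: "https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_base_dir }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    checksum: "{{ lego_checksum | default(omit) }}"
    owner: root
    group: root
    mode: "0600"

- name: Install lego
  ansible.legacy.unarchive:
    src: "{{ __lego_base_dir }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_bin_dir }}"
    remote_src: true
    extra_opts:
      # extract only the binary, not the README/LICENSE shipped in the tarball
      - "{{ __lego_bin_name }}"
    mode: "0750"

- name: Create LetsEncrypt certificates directory
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/.lego/certificates"
    state: directory
    owner: root
    group: root
    mode: "0700"
    recurse: true

- name: Create hook scripts
  # Hook content comes from role variables and is executed as root by lego
  # after issuance (see --run-hook below), so it is written root-only.
  ansible.builtin.copy:
    content: "{{ item.hook }}"
    dest: "{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh"
    owner: root
    group: root
    mode: "0700"
  when: item.hook is defined
  loop: "{{ lego_certificates }}"
  loop_control:
    label: "{{ item.name }}"

- name: Obtain certificates for domains
  # `command` (not `shell`) is used on purpose: the line is shlex-split and
  # never handed to a shell, so e-mail and domain values cannot inject shell
  # syntax. The Cloudflare token is passed only through the environment so it
  # does not show up in process arguments.
  ansible.builtin.command: >-
    {{ __lego_bin_file }}
    --accept-tos
    --email="{{ lego_acme_account_email }}"
    --domains {{ " --domains ".join(item.domains) }}
    --key-type="{{ lego_key_type }}"
    --dns="cloudflare"
    {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }}
    run
    {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + item.name + '.sh"' if item.hook is defined else '' }}
  args:
    # lego names the certificate files after the first domain with '*'
    # replaced by '_' (wildcard certificates). The marker must be sanitised
    # the same way, otherwise a wildcard request never matches `creates`
    # and is re-submitted to the CA on every run.
    creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] | replace('*', '_') }}.crt"
  environment:
    LEGO_SERVER: "{{ lego_acme_server }}/directory"
    LEGO_PATH: "{{ __lego_base_dir }}/.lego"
    CLOUDFLARE_DNS_API_TOKEN: "{{ lego_cloudflare_api_token }}"
  when: not item.skip_create | default(false) | bool
  loop: "{{ lego_certificates }}"
  loop_control:
    label: "{{ item.name }}"

- name: Add cron script to renew certificates
  ansible.builtin.template:
    src: cron-lego-renew.sh.j2
    dest: "{{ __lego_base_dir }}/bin/cron-lego-renew.sh"
    owner: root
    group: root
    mode: "0700"

- name: Add cron job to renew certificates
  # Managed as a system crontab fragment (cron_file) running as root; the
  # job is removed, not just disabled, when lego_cron_enabled is false.
  ansible.builtin.cron:
    name: "lego-renew"
    cron_file: "lego-renew"
    job: "{{ __lego_base_dir }}/bin/cron-lego-renew.sh >> {{ __lego_base_dir }}/cron_lego_renew.log 2>&1"
    hour: "{{ lego_cron_hour }}"
    minute: "{{ lego_cron_minute }}"
    user: root
    state: "{{ 'present' if lego_cron_enabled | bool else 'absent' }}"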