---
# Install certbot (the Let's Encrypt ACME client) from apt, upgrading it when
# a newer package is available.
# NOTE(review): `state: latest` installs whatever version the configured apt
# sources offer at run time and depends on a fresh local package index; no
# `update_cache` is set on this task, so confirm the cache is refreshed
# elsewhere in the play.
- name: ensure letsencrypt is up-to-date
  apt:
    state: latest
    name: certbot

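# Create the directory that certbot's webroot plugin writes HTTP-01 challenge
# files into (the certificate task passes it as `-w /var/www/letsencrypt`).
- name: create letsencrypt webroot
  file:
    path: /var/www/letsencrypt
    state: directory
    owner: root
    group: www-data
    # Was '0775'. Group write let any process in the www-data group place
    # files here, i.e. answer ACME challenges for the served domains. Read and
    # traverse access is all the web server needs to serve the challenges.
    # NOTE(review): assumes certbot and its renewals run as root; verify
    # against the play's become settings.
    mode: '0755'
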
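# Request a certificate through the webroot challenge for every proxied
# service that defines `cert_email`, unless one has already been issued.
- name: ensure all the domains have a tls certificate
  # `command` with `argv` (Ansible 2.6+) runs certbot without a shell, so
  # characters in the inventory-supplied domain name or e-mail are never
  # interpreted as shell syntax or split into extra certbot options.
  command:
    argv:
      - certbot
      - certonly
      # Fail instead of waiting on a prompt that an unattended run cannot
      # answer.
      - '--non-interactive'
      - '--agree-tos'
      - '-m'
      - "{{ item.cert_email }}"
      - '--webroot'
      - '-w'
      - /var/www/letsencrypt
      - '-d'
      - "{{ item.domain_name }}"
    # Replaces the former `[ -f ... ] ||` shell guard. When the chain file
    # already exists the task is skipped and reports "ok", so reload_nginx is
    # notified only when a certificate was actually issued; the shell form
    # reported "changed" on every run.
    creates: "/etc/letsencrypt/live/{{ item.domain_name }}/fullchain.pem"
  when: item.cert_email is defined
  with_items: "{{ gateway.proxied_services }}"
  notify: reload_nginx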