From 0a4373bb581007dfb00db8b37afe4fc6fad2f7f0 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 13:45:22 -0700
Subject: [PATCH] add copy cert and keys
---
 ansible/roles/openldap_server/tasks/tls.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/ansible/roles/openldap_server/tasks/tls.yaml b/ansible/roles/openldap_server/tasks/tls.yaml
index 1d115fa..83d9761 100644
--- a/ansible/roles/openldap_server/tasks/tls.yaml
+++ b/ansible/roles/openldap_server/tasks/tls.yaml
@@ -1,3 +1,21 @@
+- name: Copy TLS cert into place
+ copy:
+ src: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+ dest: /etc/openldap/certs/ldap.crt
+ owner: ldap
+ group: ldap
+ mode: 0600
+ remote_src: true
+
+- name: Copy cert private key into place
+ copy:
+ src: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.key"
+ dest: /etc/openldap/certs/ldap.key
+ owner: ldap
+ group: ldap
+ mode: 0600
+ remote_src: true
+
 - name: Configure TLS cert
 community.general.ldap_attrs:
 dn: cn=config
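Review bot: In both added `src:` paths the `default(cert_domain)` fallback can never fire, because `inventory_hostname` is always defined by Ansible, so a certificate issued under `cert_domain` is not found whenever that name differs from the inventory name. If `cert_domain` is meant to take precedence, write `{{ cert_domain | default(inventory_hostname) }}` in both tasks. The two `mode: 0600` values are unquoted and rely on the YAML 1.1 octal reading; `mode: '0600'` is the form ansible-lint expects and keeps the private key's permissions independent of the parser. Neither copy task has a `notify:`, so as far as the hunk shows a renewed certificate and key are copied without slapd being restarted to load them; the `Configure TLS cert` task that follows continues outside the hunk, so a restart may be handled there.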