add cert renewal logic

2026-03-03 18:09:42 -07:00
parent e39e96e0db
commit 9776674bff


@@ -1,3 +1,8 @@
- name: Check if SSL cert already exists for domain
stat:
path: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
register: existing_cert_check
- name: Generate initial cert (http) - name: Generate initial cert (http)
command: command:
cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
@@ -15,3 +20,13 @@
LINODE_PROPAGATION_TIMEOUT: 600 LINODE_PROPAGATION_TIMEOUT: 600
LINODE_TOKEN: "{{ linode_dns_token }}" LINODE_TOKEN: "{{ linode_dns_token }}"
when: lego_method == 'dns' when: lego_method == 'dns'
- name: Renew cert (dns)
command:
cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} renew
chdir: /root
environment:
LINODE_POLLING_INTERVAL: 120
LINODE_PROPAGATION_TIMEOUT: 600
LINODE_TOKEN: "{{ linode_dns_token }}"
when: lego_method == 'dns' and existing_cert_check.stat.exists
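Review bot: The new `existing_cert_check` result only gates the renew task, while the `Generate initial cert (dns)` task visible as context still runs on `when: lego_method == 'dns'` alone, so on a host that already holds a certificate both `lego run` and `lego renew` appear to execute on every play, re-issuing against the CA each time (unless a condition outside the visible hunk prevents it); gate issuance on the same stat, `when: lego_method == 'dns' and not existing_cert_check.stat.exists`, and likewise for the http variant. The renew task is a plain `command` and will report changed on every run even when lego decides the certificate is not yet due, so register its result and set `changed_when` from lego's output (or compare the .crt mtime before and after) to keep the play idempotent. Only a DNS renewal task is added here; if hosts using `lego_method == 'http'` are also expected to renew, they need a matching task ending in `--http renew`. In the stat path, `inventory_hostname | default(cert_domain)` never falls back because `inventory_hostname` is always defined by Ansible; if `cert_domain` is meant to override the hostname, the intended expression is `cert_domain | default(inventory_hostname)` (the same pattern appears in the pre-existing run commands). Passing `LINODE_TOKEN` via `environment` rather than a command-line flag is the right call, since it keeps the token out of the process list.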