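# Requests a Let's Encrypt certificate for cert_domain through the certbot
# compose service, reloads nginx, then starts the certbot service.
#
# NOTE(review): dest_dir and cert_domain are templated straight into bash
# command lines. They must come from trusted inventory/vars only; a value
# containing spaces or shell metacharacters would be interpreted by the shell.
# Ansible's `quote` filter is the usual hardening for such arguments.
- name: Request SSL certifiate to letsencrypt
  block:
    # --test-cert asks the Let's Encrypt staging environment for the
    # certificate, so the issued chain is not trusted by regular clients.
    #
    # `creates` skips this task as soon as fullchain.pem exists at that path,
    # so despite the task name it never renews an existing certificate, and a
    # staging certificate already on disk is not replaced simply by dropping
    # --test-cert later (presumably the path is a bind mount of certbot's
    # output directory; confirm against docker-compose.yml).
    #
    # NOTE(review): no --non-interactive / --email is passed; confirm certbot
    # does not wait for or fail on a prompt when run without a TTY.
    - name: Obtain or renew SSL certificate for {{ cert_domain }}
      ansible.builtin.shell: |
        docker compose -f {{ dest_dir }}/srcs/docker-compose.yml run --rm --entrypoint \
        "certbot certonly --test-cert -d {{ cert_domain }} --webroot --webroot-path /var/www/certbot --agree-tos" certbot
      args:
        executable: /bin/bash
        creates: "{{ dest_dir }}/srcs/nginx/conf/{{ cert_domain }}/fullchain.pem"
      register: certbot_result
      # Reports "changed" only when certbot's stdout contains one of these
      # phrases; verify they match the output of the certbot version in use.
      changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
      when: cert_domain is defined
      # A failed issuance does not stop the play: the tasks below still run
      # and the host can end up serving without a valid certificate. Inspect
      # certbot_result (rc / stderr) or drop ignore_errors if issuance must
      # succeed before continuing.
      ignore_errors: true

    # Sends a reload signal to nginx inside its container (a reload, not a
    # restart). Runs whether or not the previous task obtained a certificate,
    # and a failed reload is ignored as well.
    - name: Restart nginx
      ansible.builtin.shell: |
        docker compose -f {{ dest_dir }}/srcs/docker-compose.yml exec nginx nginx -s reload
      ignore_errors: true

    # Brings the certbot service up detached; the renewal behaviour itself
    # depends on how that service is defined in docker-compose.yml (not shown).
    # Errors are ignored, so a renewal service that fails to start goes
    # unnoticed unless checked separately.
    - name: Start certbot auto-renew
      ansible.builtin.shell: |
        docker compose -f {{ dest_dir }}/srcs/docker-compose.yml up certbot -d -y
      ignore_errors: true
  # NOTE(review): the rendered listing lost its indentation; this condition is
  # assumed to apply to the whole block rather than only to the last task.
  # Confirm against the original file.
  when: not is_local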