Add LetsEncrypt roles for webserver use.

2017-01-13 22:21:21 +00:00 · 2017-01-13 22:21:21 +00:00 · 03276432f4
parent 98d8783038
commit 03276432f4
4 changed files with 34 additions and 0 deletions
--- a/ubuntu/roles/letsencrypt/files/letsencrypt-renew
+++ b/ubuntu/roles/letsencrypt/files/letsencrypt-renew
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+letsencrypt renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
+
--- a/ubuntu/roles/letsencrypt/handlers/main.yml
+++ b/ubuntu/roles/letsencrypt/handlers/main.yml
@ -0,0 +1,3 @@
+---
+- name: restart cron
+  service: name=cron state=restarted
--- a/ubuntu/roles/letsencrypt/tasks/main.yml
+++ b/ubuntu/roles/letsencrypt/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: Install LetsEncrypt client
+  apt: name=letsencrypt state=latest
+
+- name: Generate LetsEncrypt TLS certificates
+  shell: letsencrypt certonly -n -m "letsencrypt@sadiqsaif.ca" --agree-tos --standalone -d {{ item }}
+  with_items:
+     - asininetech.com
+     - entropynet.net
+     - i.asininetech.com
+     - sadiqsaif.ca
+     - staticsafe.ca
+     - twoshadesofbrown.com
+     - wiki.staticsafe.ca
+
+- name: Add a cron job to automatically renew LetsEncrypt certificates
+  copy: src=letsencrypt-renew dest=/etc/cron.daily/letsencrypt-renew mode=0700
+  notify:
+  - restart cron
+
--- a/ubuntu/site.yml
+++ b/ubuntu/site.yml
@ -14,6 +14,13 @@
  roles:
    - php

+- name: Generate LE certs on required servers
+  hosts: webservers
+  user: root
+  
+  roles:
+    - letsencrypt
+
 - hosts: webservers

  roles: