From 03276432f415578fb7b1927c6fb891d0fe005270 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Fri, 13 Jan 2017 22:21:21 +0000
Subject: [PATCH] Add LetsEncrypt roles for webserver use.
---
.../roles/letsencrypt/files/letsencrypt-renew | 4 ++++
ubuntu/roles/letsencrypt/handlers/main.yml | 3 +++
ubuntu/roles/letsencrypt/tasks/main.yml | 20 +++++++++++++++++++
ubuntu/site.yml | 7 +++++++
4 files changed, 34 insertions(+)
create mode 100755 ubuntu/roles/letsencrypt/files/letsencrypt-renew
create mode 100644 ubuntu/roles/letsencrypt/handlers/main.yml
create mode 100644 ubuntu/roles/letsencrypt/tasks/main.yml
diff --git a/ubuntu/roles/letsencrypt/files/letsencrypt-renew b/ubuntu/roles/letsencrypt/files/letsencrypt-renew
new file mode 100755
index 0000000..6069850
--- /dev/null
+++ b/ubuntu/roles/letsencrypt/files/letsencrypt-renew
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+letsencrypt renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
+
diff --git a/ubuntu/roles/letsencrypt/handlers/main.yml b/ubuntu/roles/letsencrypt/handlers/main.yml
new file mode 100644
index 0000000..5d9d338
--- /dev/null
+++ b/ubuntu/roles/letsencrypt/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart cron
+ service: name=cron state=restarted
diff --git a/ubuntu/roles/letsencrypt/tasks/main.yml b/ubuntu/roles/letsencrypt/tasks/main.yml
new file mode 100644
index 0000000..a806be7
--- /dev/null
+++ b/ubuntu/roles/letsencrypt/tasks/main.yml
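Review bot: The renewal line in letsencrypt-renew stops nginx around every renewal attempt, and nothing in the script says why; a comment such as `# --standalone binds the web port itself, so nginx must be down while a renewal runs` would keep a later maintainer from dropping the hooks. The script runs unattended as root from cron.daily and has no failure signal of its own, so a renewal that keeps failing only shows up once a certificate expires. Adding `--quiet` (if the installed client supports it) keeps cron mail limited to errors, which makes failures stand out. An authenticator that does not need the port, such as webroot, would remove the daily stop/start, but that is a design change beyond this hunk.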
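Review bot: Restarting cron in handlers/main.yml should not be needed: scripts dropped into /etc/cron.daily are read when the daily run fires, so this handler and the matching `notify` in tasks/main.yml look removable. If the handler stays, native YAML arguments are easier to lint and diff than the `key=value` string, i.e. `service:` with `name: cron` and `state: restarted` on their own lines beneath it.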
@@ -0,0 +1,20 @@
+---
+- name: Install LetsEncrypt client
+ apt: name=letsencrypt state=latest
+
+- name: Generate LetsEncrypt TLS certificates
+ shell: letsencrypt certonly -n -m "letsencrypt@sadiqsaif.ca" --agree-tos --standalone -d {{ item }}
+ with_items:
+ - asininetech.com
+ - entropynet.net
+ - i.asininetech.com
+ - sadiqsaif.ca
+ - staticsafe.ca
+ - twoshadesofbrown.com
+ - wiki.staticsafe.ca
+
+- name: Add a cron job to automatically renew LetsEncrypt certificates
+ copy: src=letsencrypt-renew dest=/etc/cron.daily/letsencrypt-renew mode=0700
+ notify:
+ - restart cron
+
diff --git a/ubuntu/site.yml b/ubuntu/site.yml
index b9e406c..6f1be73 100644
--- a/ubuntu/site.yml
+++ b/ubuntu/site.yml
@@ -14,6 +14,13 @@ roles:
 - php
+- name: Generate LE certs on required servers
+ hosts: webservers
+ user: root
+
+ roles:
+ - letsencrypt
+
 - hosts: webservers
 roles:
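Review bot: The `Generate LetsEncrypt TLS certificates` task in tasks/main.yml is not idempotent: `shell: letsencrypt certonly …` asks the CA for a certificate for all seven names on every playbook run, which can hit issuance rate limits, and `--standalone` needs the web port free, so a re-run on a host where nginx is already up will presumably fail. Using `command` with a `creates` guard on the certificate path skips names that already have a certificate and keeps the templated `{{ item }}` out of a shell; the path below assumes the client's default /etc/letsencrypt layout and should be confirmed. Separately, `state=latest` in the install task upgrades the client on every run, and `state=present` would keep runs reproducible.

```yaml
- name: Generate LetsEncrypt TLS certificates
  command: >-
    letsencrypt certonly -n -m "letsencrypt@sadiqsaif.ca"
    --agree-tos --standalone -d {{ item }}
  args:
    creates: "/etc/letsencrypt/live/{{ item }}/cert.pem"
  with_items:
    # … unchanged: domain list …
```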
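Review bot: The new play in site.yml connects as root directly (`user: root`), which requires root SSH login to stay enabled on every webserver. Logging in as an unprivileged account and escalating with `become: true` limits what a leaked control-node key can do and leaves a sudo audit trail. If root login is kept, `remote_user: root` is the current spelling of the keyword. The neighbouring plays are only partly visible in this hunk, so check whether they follow the same convention.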