---
# This role sets up a Let's Encrypt certificate for the
# Mastodon instance
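# Directory that receives the certificate chain and the private key written
# by the install-cert task in this file. Ownership and mode are set explicitly
# so the key is not left readable by other local accounts under the default
# umask.
# NOTE(review): assumes the TLS consumer (nginx) opens the key as root at
# startup -- confirm before tightening on hosts where that is not the case.
- name: Make TLS certificate storage directory
  file:
    path: /etc/ssl/letsencrypt/
    state: directory
    owner: root
    group: root
    mode: "0700"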
# Parent directory for the acme.sh checkout; created if it is missing.
- name: Make sure /opt exists
  file:
    path: /opt
    state: directory
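# Fetch the acme.sh client into /opt/acme.sh. The checkout is executed by the
# following tasks (the installed copy lands under /root), so the revision is
# parameterised: set acme_sh_version to a reviewed tag or full commit SHA
# instead of tracking whatever the default branch holds on the day of the run.
# The default of HEAD keeps the previous behaviour when the variable is unset.
# NOTE(review): upstream has since moved to the acmesh-official organisation;
# confirm the canonical URL rather than depending on a forge redirect.
- name: Clone acme.sh repository
  git:
    repo: https://github.com/Neilpang/acme.sh.git
    dest: /opt/acme.sh
    version: "{{ acme_sh_version | default('HEAD') }}"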
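# Run the installer from the checkout. Nothing here needs a shell, so the
# command module with chdir replaces the `cd ... &&` shell one-liner.
# The task has no creates/changed_when guard, so it runs (and reports
# "changed") on every play, exactly as before.
- name: Install acme.sh
  command: ./acme.sh --install
  args:
    chdir: /opt/acme.sh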
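# Request the certificate in standalone mode; the pre-hook stops nginx so
# acme.sh can bind the validation port itself.
#
# LOCAL_DOMAIN is passed through the quote filter and the command module is
# used instead of shell, so a malformed value cannot add shell syntax or
# extra arguments.
#
# A blanket ignore_errors hid every failure, including real issuance errors.
# The result is registered instead and only the expected exit codes are
# accepted.
# NOTE(review): rc 2 is presumed to be acme.sh's "skipped, not yet due for
# renewal" status -- confirm against the installed version.
# NOTE(review): no post-hook restarts nginx; if issuance fails, nginx stays
# stopped until the install-cert reloadcmd or an operator restarts it.
- name: Generate certificate using acme.sh
  command: >-
    /root/.acme.sh/acme.sh --issue --standalone
    -d {{ LOCAL_DOMAIN | quote }}
    --pre-hook "service nginx stop"
  register: acme_issue_result
  failed_when: acme_issue_result.rc not in [0, 2]
  changed_when: acme_issue_result.rc == 0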
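# Copy the issued key and full chain to the paths nginx is configured with,
# then restart nginx through acme.sh's reload command.
# The domain and both derived paths go through the quote filter, and the
# command module is used instead of shell, so LOCAL_DOMAIN cannot inject
# shell syntax or additional arguments.
- name: Install certificate in storage directory
  command: >-
    /root/.acme.sh/acme.sh --install-cert
    -d {{ LOCAL_DOMAIN | quote }}
    --key-file {{ ('/etc/ssl/letsencrypt/' ~ LOCAL_DOMAIN ~ '.pem') | quote }}
    --fullchain-file {{ ('/etc/ssl/letsencrypt/' ~ LOCAL_DOMAIN ~ '.crt') | quote }}
    --reloadcmd "service nginx restart"

# The .pem file written above is the private key; pin its ownership and mode
# rather than relying on whatever the installer and umask produced.
# NOTE(review): assumes nginx reads the key as root -- confirm.
- name: Restrict private key permissions
  file:
    path: "/etc/ssl/letsencrypt/{{ LOCAL_DOMAIN }}.pem"
    owner: root
    group: root
    mode: "0600"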