Merge pull request #4 from dracos/fetch-cert-twice
Update to fetch cert twice to allow easier renewal.
This commit is contained in:
commit
6ccf4d365a
|
@ -1,4 +1,3 @@
|
|||
#!/usr/bin/env bash
|
||||
service nginx stop
|
||||
letsencrypt renew
|
||||
service nginx start
|
||||
service nginx reload
|
||||
|
|
|
@ -2,15 +2,11 @@
|
|||
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
|
||||
# Mastodon instance
|
||||
|
||||
- name: Install nginx and letsencrypt
|
||||
- name: Install nginx and certbot
|
||||
apt: name={{ item }} state=latest update_cache=yes
|
||||
with_items:
|
||||
- nginx
|
||||
- letsencrypt
|
||||
- name: Stop nginx for now
|
||||
service: name=nginx state=stopped
|
||||
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
|
||||
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
|
||||
- name: Remove default nginx config in sites-enabled
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
|
@ -24,8 +20,14 @@
|
|||
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
||||
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
|
||||
state: link
|
||||
- name: Start nginx
|
||||
- name: Stop nginx for now
|
||||
service: name=nginx state=stopped
|
||||
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
|
||||
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
|
||||
- name: Restart nginx
|
||||
service: name=nginx state=started
|
||||
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
|
||||
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
|
||||
- name: Copy and enable Let's Encrypt renew script
|
||||
copy:
|
||||
src: letsencrypt-renew.sh
|
||||
|
|
|
@ -8,6 +8,7 @@ server {
|
|||
listen [::]:80;
|
||||
server_name {{ LOCAL_DOMAIN }};
|
||||
# Useful for Let's Encrypt
|
||||
root /home/mastodon/live/public;
|
||||
location /.well-known/acme-challenge/ { allow all; }
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue