forked from koddr/useful-playbooks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
create_ssl-playbook.yml
72 lines (60 loc) · 2.23 KB
/
create_ssl-playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# Ansible playbook for create SSL certificate for your domains (by Let's Encrypt).
# For more information, please visit https://github.com/truewebartisans/useful-playbooks
# Author: Vic Shóstak <truewebartisans@gmail.com> & True web artisans (https://1wa.co)
# License: MIT
---
- hosts: "{{ host|default('localhost') }}"
become: true
tasks:
- name: Add PPA repositories
apt_repository:
repo: "{{ item.repo }}"
with_items:
- { repo: "ppa:certbot/certbot" }
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release != 'focal'
- name: Install Certbot
apt:
pkg: "{{ item }}"
state: latest
update_cache: yes
with_items:
- certbot
- python3-certbot-nginx
- name: Create /var/www/{{ domain }}/html folder, set chown USER:USER
file:
state: directory
path: /var/www/{{ domain }}/html
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0700
- name: Add HTTP version of {{ domain }}.conf to /etc/nginx/sites-available
template:
src: ./templates/http-domain.j2
dest: /etc/nginx/sites-available/{{ domain }}.conf
- name: Create symbolic link for HTTP version of {{ domain }}.conf to /etc/nginx/sites-enabled
file:
state: link
src: /etc/nginx/sites-available/{{ domain }}.conf
dest: /etc/nginx/sites-enabled/{{ domain }}.conf
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0700
notify:
- reload_nginx
- name: Dry run before create SSL certificate for {{ domain }}
command:
cmd: certbot --nginx certonly --agree-tos -m {{ email }} -d {{ domain }} -d www.{{ domain }} --dry-run
- name: Create SSL certificate for {{ domain }}
command:
cmd: certbot --nginx certonly --agree-tos -m {{ email }} -d {{ domain }} -d www.{{ domain }}
- name: Add HTTPS version of {{ domain }}.conf to /etc/nginx/sites-available
template:
src: ./templates/https-domain.j2
dest: /etc/nginx/sites-available/{{ domain }}.conf
notify:
- reload_nginx
handlers:
- name: reload_nginx
service:
name: nginx
state: reloaded