Merge pull request #29 from inmotionhosting/revert-27-NGX-790
Revert "NGX-790: Issue self-signed certificate"
combssm authored Dec 4, 2023
2 parents 02af4fc + 4b5929f commit 90fc45d
Showing 1 changed file with 3 additions and 47 deletions.
50 changes: 3 additions & 47 deletions tasks/letsencrypt.yml
Expand Up @@ -46,45 +46,7 @@
- certbot_stop_services is defined
- certbot_stop_services

- name: Generate Self-signed Certificate if no certificate exists
when:
- not letsencrypt_cert.stat.exists
block:
- name: Ensure directory exists for local self-signed TLS certs.
ansible.builtin.file:
path: /etc/letsencrypt/live/{{ site_domain }}
state: directory
owner: root
group: root
mode: "0755"

- name: Generate an OpenSSL private key.
community.crypto.openssl_privatekey:
path: /etc/letsencrypt/live/{{ site_domain }}/privkey.pem

- name: Generate an OpenSSL CSR.
community.crypto.openssl_csr:
path: /etc/pki/tls/private/{{ site_domain }}.csr
privatekey_path: /etc/letsencrypt/live/{{ site_domain }}/privkey.pem
common_name: "{{ site_domain }}"

- name: Generate a Self Signed OpenSSL certificate.
community.crypto.x509_certificate:
path: /etc/letsencrypt/live/{{ site_domain }}/cert.pem
privatekey_path: /etc/letsencrypt/live/{{ site_domain }}/privkey.pem
csr_path: /etc/pki/tls/private/{{ site_domain }}.csr
provider: selfsigned

- name: Get certificate information
community.crypto.x509_certificate_info:
path: "/etc/letsencrypt/live/{{ site_domain }}/cert.pem"
register: cert_info

- name: Check if cert is self-signed
ansible.builtin.set_fact:
is_self_signed: "{{ cert_info.issuer.commonName == cert_info.subject.commonName }}"

- name: Issue certificate
- name: Issue certificate or set use_letsencrypt=false
tags: always
block:
- name: Generate new certificate if one doesn't exist.
Expand All @@ -94,16 +56,10 @@
- site_domain is defined
- site_domain | length > 0
changed_when: false
register: certbot_result
rescue:
- name: Display debug statement
ansible.builtin.debug:
msg: Unable to issue Let's Encrypt certificate

- name: Update is_self_signed fact to be false if certbot succeeds
- name: Disable Let's Encrypt if unable to issue cert
ansible.builtin.set_fact:
is_self_signed: false
when: cerbot_result.rc == 0
use_letsencrypt: false

- name: Generate DH Parameters
community.crypto.openssl_dhparam:
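Review bot: The restored `rescue` at the end of the "Issue certificate or set use_letsencrypt=false" block (whose `block:` opens before this hunk) turns any certbot failure into a silent fallback: it prints a fixed message and sets `use_letsencrypt: false`, and with `register: certbot_result` removed the actual failure reason is never shown, so an operator presumably only notices the host is running without its Let's Encrypt certificate after the fact. Inside a `rescue` Ansible exposes the failing task's result as `ansible_failed_result`, so the reason can be surfaced without re-adding the register: `msg: "Unable to issue Let's Encrypt certificate: {{ ansible_failed_result.stderr | default(ansible_failed_result.msg) }}"`. It would also be worth gating the downgrade behind an explicit opt-in (set `use_letsencrypt: false` only when a variable such as `letsencrypt_allow_fallback` is true, otherwise `ansible.builtin.fail`) so that an issuance failure on a production host stops the play rather than proceeding without a trusted certificate; whether such a variable already exists in the role cannot be told from this hunk.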
