diff --git a/ramble-hard/lets_encrypt.yml b/ramble-hard/lets_encrypt.yml
new file mode 100644
index 0000000..4bb9f76
--- /dev/null
+++ b/ramble-hard/lets_encrypt.yml
@@ -0,0 +1,27 @@
+- hosts: ramble-hard
+ tasks:
+
+ - name: install certbot
+ package:
+ name:
+ - certbot
+
+ - name: stop nginx
+ service:
+ name: nginx
+ state: stopped
+
+ - command: >
+ certbot certonly --standalone --preferred-challenges http
+ -n --agree-tos -m {{ lets_encrypt_email }}
+ -d {{ item }}
+ loop: "{{ lets_encrypt_tlds }}"
+
+ - service:
+ name: nginx
+ state: started
+
+ - template:
+ src: lets_encrypt/renew-certs
+ dest: /etc/cron.daily/renew-certs
+ mode: +x
diff --git a/ramble-hard/lets_encrypt/renew-certs b/ramble-hard/lets_encrypt/renew-certs
new file mode 100644
index 0000000..88192fc
--- /dev/null
+++ b/ramble-hard/lets_encrypt/renew-certs
@@ -0,0 +1,2 @@
+#!/bin/sh
+certbot renew -w /var/lib/letsencrypt/ --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
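Review bot: If `certbot certonly` fails for any entry in `lets_encrypt_tlds`, the play aborts after the `stop nginx` task and the unnamed `service` task with `state: started` never runs, so the host is left with its web server down until someone notices. Wrapping the stop and certbot tasks in a `block:` and moving the start task under `always:` makes the restart unconditional. Separately, the cron script is installed with `mode: +x` and no owner; since it runs as root from `/etc/cron.daily`, an explicit `owner: root`, `group: root` and `mode: "0755"` would pin the permissions instead of leaving them to the umask.

```yaml
    - name: obtain certificates while nginx is stopped
      block:
        # … unchanged: "stop nginx" task, indented one level under block …
        # … unchanged: certbot certonly command with its loop …
      always:
        - name: start nginx again even if certbot failed
          service:
            name: nginx
            state: started
```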
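Review bot: The `-w /var/lib/letsencrypt/` argument is a webroot-plugin option, but the certificates in lets_encrypt.yml are requested with `--standalone`, so on renewal it most likely has no effect and misleads the reader about which challenge method is in use. Dropping it and adding `-q` keeps the daily cron run silent unless something fails: `certbot renew -q --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"`. A one-line comment above the command noting that the hooks exist because standalone mode needs port 80 free would help the next maintainer.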