Use port 80 for letsencrypt without HaProxy

2252e78d · jurgenhaas · d4e0bbcf · 2252e78d · 2252e78d
Commit 2252e78d authored 8 years ago by jurgenhaas
--- a/tasks/cert.yml
+++ b/tasks/cert.yml
@@ -2,6 +2,7 @@
 # file: roles/letsencrypt/tasks/cert.yml

 - set_fact: cert={{ domain.1|default(domain) }}
+- set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}

 - name: "Write Config"
  template:
@@ -30,7 +31,7 @@
      state: 'present'

  - name: "Install New Cert"
-    shell: /opt/letsencrypt/letsencrypt-auto certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port 54321 --preferred-challenges http-01
+    shell: /opt/letsencrypt/letsencrypt-auto certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
    ignore_errors: true

  - name: "Close Port"

--- a/tasks/renew.yml
+++ b/tasks/renew.yml
 ---
 # file: roles/letsencrypt/tasks/renew.yml

+- set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}
+
 - name: "Stop services"
  service:
    name='{{ item }}'
@@ -17,7 +19,7 @@
    state: 'present'

 - name: "Renew Existing Certs"
-  shell: /opt/letsencrypt/letsencrypt-auto renew --non-interactive --http-01-port 54321 --preferred-challenges http-01
+  shell: /opt/letsencrypt/letsencrypt-auto renew --non-interactive --http-01-port {{ port }} --preferred-challenges http-01
  ignore_errors: true
  register: renew_result
  changed_when: "'No renewals were attempted.' not in renew_result.stdout"