ansible-playbooks/general#95 Do not change iptable settings when creating or renewing certs

3be20369 · jurgenhaas · 23f250c9 · 3be20369 · 3be20369
Commit 3be20369 authored 4 years ago by jurgenhaas
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -17,7 +17,8 @@
      protocol: tcp
      jump: ACCEPT
      state: present
-    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+    #when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+    when: no

  - name: Install New Cert via webroot
    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
@@ -37,7 +38,8 @@
      protocol: tcp
      jump: ACCEPT
      state: absent
-    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+    #when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+    when: no

  - include_tasks: cert_deploy.yml


--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -19,7 +19,8 @@
    protocol: tcp
    jump: ACCEPT
    state: present
-  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+  #when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+  when: no

 - name: Renew Existing Certs via webroot
  shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
@@ -43,7 +44,8 @@
    protocol: tcp
    jump: ACCEPT
    state: absent
-  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+  #when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
+  when: no

 - include_tasks: cert_deploy.yml
  with_items: '{{ letsencrypt_certificates|default([]) }}'