Do not ignore errors when creating or renewing certs

c36e2374 · jurgenhaas · 3be20369 · c36e2374 · c36e2374
Commit c36e2374 authored 4 years ago by jurgenhaas
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -22,12 +22,10 @@

  - name: Install New Cert via webroot
    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
-    ignore_errors: yes
    when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver

  - name: Install New Cert via HaProxy
    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01 --cert-name {{ cert.domain }}
-    ignore_errors: yes
    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver

  - name: Close Port

--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -24,14 +24,12 @@

 - name: Renew Existing Certs via webroot
  shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
-  ignore_errors: yes
  register: renew_result
  changed_when: '"No renewals were attempted." not in renew_result.stdout'
  when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver

 - name: Renew Existing Certs via HaProxy
  shell: certbot renew --non-interactive --http-01-port {{ port }} --preferred-challenges http-01
-  ignore_errors: yes
  register: renew_result
  changed_when: '"No renewals were attempted." not in renew_result.stdout'
  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver