From c36e2374be35f1b0e49752539a4f3a5ed2a1c112 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sun, 24 May 2020 08:46:34 +0200
Subject: [PATCH] Do not ignore errors when creating or renewing certs

---
 tasks/cert_generate.yml | 2 --
 tasks/renew.yml         | 2 --
 2 files changed, 4 deletions(-)

diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
index 022890f..ba07fa5 100644
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -22,12 +22,10 @@
 
 - name: Install New Cert via webroot
   shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
-  ignore_errors: yes
   when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver
 
 - name: Install New Cert via HaProxy
   shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01 --cert-name {{ cert.domain }}
-  ignore_errors: yes
   when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 
 - name: Close Port
diff --git a/tasks/renew.yml b/tasks/renew.yml
index d1936be..deb20e6 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -24,14 +24,12 @@
 
 - name: Renew Existing Certs via webroot
   shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
-  ignore_errors: yes
   register: renew_result
   changed_when: '"No renewals were attempted." not in renew_result.stdout'
   when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver
 
 - name: Renew Existing Certs via HaProxy
   shell: certbot renew --non-interactive --http-01-port {{ port }} --preferred-challenges http-01
-  ignore_errors: yes
   register: renew_result
   changed_when: '"No renewals were attempted." not in renew_result.stdout'
   when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
-- 
GitLab
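Review bot: With `ignore_errors: yes` gone, a failing certbot run in either "Install New Cert" task in tasks/cert_generate.yml now stops the play for that host before the `Close Port` task at the end of that hunk. Whatever was opened for the HTTP-01 challenge would then presumably stay open after a failed issuance. The task that opens the port and the body of `Close Port` lie outside the hunk, so this is inferred from the task names and should be confirmed. If it holds, put the open and certbot steps under a `block:` and move `Close Port` under `always:`, so the cleanup runs whether or not certbot succeeds. tasks/renew.yml passes the same `--http-01-port {{ port }}` and may need the same structure if it opens a port earlier in the file.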