CRC-641 Automatically update SSL certificates from LetsEncrypt

cd514817 · jurgenhaas · 568d4966 · cd514817 · cd514817 · cd514817
Commit cd514817 authored 8 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
+letsencrypt_pause_services: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,8 +6,14 @@
    shell: ls /opt/letsencrypt/letsencrypt-auto
    register: letsencrypt_available
    failed_when: false
+    changed_when: false
+    tags: 'always'

  - include: install.yml
    when: letsencrypt_available is defined and letsencrypt_available.stdout != '/opt/letsencrypt/letsencrypt-auto'

+  - include: renew.yml
+    when: letsencrypt_available is defined and letsencrypt_available.stdout == '/opt/letsencrypt/letsencrypt-auto'
+    tags: 'renew'
+
  when: '"letsencrypt" not in excluded_roles'
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
+---
+# file: roles/letsencrypt/tasks/renew.yml
+
+- name: "Stop services"
+  service:
+    name='{{ item }}'
+    state='stopped'
+  with_items: '{{ letsencrypt_pause_services }}'
+
+- name: "Renew Existing Certs"
+  shell: /opt/letsencrypt/letsencrypt-auto renew
+  ignore_errors: true
+
+- name: "Start services"
+  service:
+    name='{{ item }}'
+    state='started'
+  with_items: '{{ letsencrypt_pause_services }}'