#3 Update to certbot

tasks/cert.yml

@@ -6,19 +6,19 @@
 
 - name: "Write Config"
   template:
-    src='letsencrypt.ini'
-    dest='/etc/letsencrypt/{{ cert.domain }}.ini'
-    owner='root'
-    group='root'
-    mode='644'
+    src: 'letsencrypt.ini'
+    dest: '/etc/letsencrypt/{{ cert.domain }}.ini'
+    owner: 'root'
+    group: 'root'
+    mode: '644'
   register: cert_definition
 
 - block:
 
   - name: "Stop services"
     service:
-      name='{{ item }}'
-      state='stopped'
+      name: '{{ item }}'
+      state: 'stopped'
     with_items: '{{ letsencrypt_pause_services|default([]) }}'
 
   - name: "Open Port"
@@ -31,7 +31,7 @@
       state: 'present'
 
   - name: "Install New Cert"
-    shell: /opt/letsencrypt/letsencrypt-auto certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
+    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
     ignore_errors: true
 
   - name: "Close Port"
@@ -45,8 +45,8 @@
 
   - name: "Start services"
     service:
-      name='{{ item }}'
-      state='started'
+      name: '{{ item }}'
+      state: 'started'
     with_items: '{{ letsencrypt_pause_services|default([]) }}'
     ignore_errors: true
 

tasks/install.yml

 ---
 # file: roles/letsencrypt/tasks/install.yml
 
-- name: "Checkout LetsEncrypt Sources"
-  git:
-    accept_hostkey: yes
-    repo: 'https://github.com/letsencrypt/letsencrypt'
-    dest: '/opt/letsencrypt'
+- name: "Apt Key"
+  apt_key:
+    url: 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8C47BE8E75BCA694'
+    state: 'present'
+
+- name: "Apt Repository"
+  apt_repository:
+    repo: 'ppa:certbot/certbot'
+    state: 'present'
+    mode: '644'
+
+- name: "Install CertBot"
+  apt:
+    pkg: 'certbot'
+    state: 'installed'
+    update_cache: yes

tasks/main.yml

@@ -14,32 +14,21 @@
 
   - name: "Write SSL Apache Options"
     template:
-      src='options-ssl-apache.conf'
-      dest='/etc/letsencrypt/options-ssl-apache.conf'
-      owner='root'
-      group='root'
-      mode='644'
-
-  - name: "Check LetsEncrypt Requirement"
-    shell: ls /opt/letsencrypt/letsencrypt-auto
-    register: letsencrypt_available
-    failed_when: false
-    changed_when: false
-    tags: 'always'
+      src: 'options-ssl-apache.conf'
+      dest: '/etc/letsencrypt/options-ssl-apache.conf'
+      owner: 'root'
+      group: 'root'
+      mode: '644'
 
   - name: "Check Existing Certs"
     stat:
-      path='/etc/letsencrypt/live'
+      path: '/etc/letsencrypt/live'
     register: letsencrypt_certs_available
     failed_when: false
     changed_when: false
     tags: 'always'
 
   - include: install.yml
-    when: letsencrypt_available is defined and letsencrypt_available.stdout != '/opt/letsencrypt/letsencrypt-auto'
-
-  - name: "Run LetsEncrypt once, will be faster next time"
-    shell: /opt/letsencrypt/letsencrypt-auto --help
 
   - include: cert.yml
     with_items: '{{ letsencrypt_certificates|default([]) }}'

tasks/renew.yml

@@ -5,8 +5,8 @@
 
 - name: "Stop services"
   service:
-    name='{{ item }}'
-    state='stopped'
+    name: '{{ item }}'
+    state: 'stopped'
   with_items: '{{ letsencrypt_pause_services|default([]) }}'
 
 - name: "Open Port"
@@ -19,7 +19,7 @@
     state: 'present'
 
 - name: "Renew Existing Certs"
-  shell: /opt/letsencrypt/letsencrypt-auto renew --non-interactive --http-01-port {{ port }} --preferred-challenges http-01
+  shell: certbot auto renew --non-interactive --http-01-port {{ port }} --preferred-challenges http-01
   ignore_errors: true
   register: renew_result
   changed_when: "'No renewals were attempted.' not in renew_result.stdout"
@@ -39,7 +39,7 @@
 
 - name: "Start services"
   service:
-    name='{{ item }}'
-    state='started'
+    name: '{{ item }}'
+    state: 'started'
   with_items: '{{ letsencrypt_pause_services|default([]) }}'
   ignore_errors: true