roles/certbot: Ensure certbot is configured first
The `Alias` configuration for Certbot needs to be configured before any other locations, to ensure the `/.well-known` path is always served from the local filesystem. If another drop-in configuration file (e.g. `bitwarden.conf`) is ordered before it, it may override this configuration and prevent Let's Encrypt from working.
This commit is contained in:
@@ -55,9 +55,14 @@
|
|||||||
- name: ensure apache is configured for certbot
|
- name: ensure apache is configured for certbot
|
||||||
copy:
|
copy:
|
||||||
src=certbot.httpd.conf
|
src=certbot.httpd.conf
|
||||||
dest=/etc/httpd/conf.d/certbot.conf
|
dest=/etc/httpd/conf.d/01_certbot.conf
|
||||||
mode=0644
|
mode=0644
|
||||||
notify: reload httpd
|
notify: reload httpd
|
||||||
|
- name: ensure old certbot apache config file is removed
|
||||||
|
file:
|
||||||
|
path=/etc/httpd/conf.d/certbot.conf
|
||||||
|
state=absent
|
||||||
|
notify: reload httpd
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
- name: ensure letsencrypt account data are installed
|
- name: ensure letsencrypt account data are installed
|
||||||
|
|||||||
Reference in New Issue
Block a user