roles/certbot: Support using existing account data
The *certbot* role now supports copying the data for an existing Let's Encrypt account to the managed node using an archive. If an archive named for the inventory hostname (typically the FQDN) of the managed node is found in the `accounts` directory under the `files` directory of the *certbot* role, it will be copied to the managed node and extracted at `/var/lib/letsencrypt/accounts`. This takes the place of running `certbot register` to sign up for a new account.jenkins-master
parent
52436acb48
commit
c95a4b7379
|
|
@ -30,6 +30,13 @@
|
||||||
owner=certbot
|
owner=certbot
|
||||||
group=certbot
|
group=certbot
|
||||||
state=directory
|
state=directory
|
||||||
|
- name: ensure certbot accounts directory exists
|
||||||
|
file:
|
||||||
|
path=/var/lib/letsencrypt/accounts
|
||||||
|
mode=0700
|
||||||
|
owner=certbot
|
||||||
|
group=certbot
|
||||||
|
state=directory
|
||||||
- name: ensure certbot log directory exists
|
- name: ensure certbot log directory exists
|
||||||
file:
|
file:
|
||||||
path=/var/log/letsencrypt
|
path=/var/log/letsencrypt
|
||||||
|
|
@ -52,7 +59,14 @@
|
||||||
mode=0644
|
mode=0644
|
||||||
notify: reload httpd
|
notify: reload httpd
|
||||||
|
|
||||||
- name: ensure certbot account is registered
|
- name: ensure letsencrypt account data are installed
|
||||||
|
become: true
|
||||||
|
become_user: certbot
|
||||||
|
unarchive:
|
||||||
|
src={{ item }}
|
||||||
|
dest=/var/lib/letsencrypt/accounts/
|
||||||
|
with_fileglob: accounts/{{ inventory_hostname }}.tar.xz
|
||||||
|
- name: ensure letsencrypt account is registered
|
||||||
become: true
|
become: true
|
||||||
become_user: certbot
|
become_user: certbot
|
||||||
command:
|
command:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue