default ca ist letsencrypt wegen ipv6 only; ssl-config apache erst nachdem es das zertifikat gibt

Alexander Gabriel 2026-03-26 20:41:56 +01:00
parent 84e5c97b88
commit 98eb4fc23b


@ -104,7 +104,7 @@
- name: set amce server url - name: set amce server url
set_fact: set_fact:
acmeshserver: "" acmeshserver: " --server letsencrypt "
when: acme_sh_server is undefined or use_local_ca == false when: acme_sh_server is undefined or use_local_ca == false
- name: generate /etc/apache2/sites-available/{{ domainname }}.conf - name: generate /etc/apache2/sites-available/{{ domainname }}.conf
@ -117,6 +117,32 @@
notify: notify:
- reload apache2 - reload apache2
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
file:
state: link
src: /etc/apache2/sites-available/{{ domainname }}.conf
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
notify:
- reload apache2
- name: Flush handlers
meta: flush_handlers
- name: get certificates
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
args:
creates: /etc/ssl/private/{{ domainname }}.key
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
template:
src: includeOptional.conf.j2
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf - name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
template: template:
src: apache-ssl.conf.j2 src: apache-ssl.conf.j2
@ -127,32 +153,6 @@
notify: notify:
- reload apache2 - reload apache2
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
file:
state: link
src: /etc/apache2/sites-available/{{ domainname }}.conf
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
notify:
- reload apache2
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
template:
src: includeOptional.conf.j2
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: Flush handlers
meta: flush_handlers
- name: get certificates
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
args:
creates: /etc/ssl/private/{{ domainname }}.key
- name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf - name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
file: file:
state: link state: link
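Review bot: In the second hunk the relocated `get certificates` task builds its free-form `command:` string from unquoted `{{ docroot }}`, `{{ domainname }}` and `{{ acme_sh_email }}`, so any whitespace in one of those values is split into additional acme.sh arguments. The command module runs without a shell, so this is argument splitting rather than shell injection, but a malformed inventory value can still change which flags acme.sh sees. Applying the filter to each value, e.g. `--webroot {{ docroot | quote }}` and `-d {{ domainname | quote }}`, keeps each one a single argument while leaving the deliberately multi-word `{{ acmeshserver }}` as it is. Separately, `creates: /etc/ssl/private/{{ domainname }}.key` guards only on the key, so if the key exists but `/etc/ssl/certs/{{ domainname }}.pem` does not, issuance is skipped and the SSL vhost generated afterwards would presumably point at a missing certificate.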