default ca ist letsencrypt wegen ipv6 only; ssl-config apache erst nachdem es das zertifikat gibt
This commit is contained in:
parent
84e5c97b88
commit
98eb4fc23b
@ -104,7 +104,7 @@
|
||||
|
||||
- name: set amce server url
|
||||
set_fact:
|
||||
acmeshserver: ""
|
||||
acmeshserver: " --server letsencrypt "
|
||||
when: acme_sh_server is undefined or use_local_ca == false
|
||||
|
||||
- name: generate /etc/apache2/sites-available/{{ domainname }}.conf
|
||||
@ -117,6 +117,32 @@
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
|
||||
file:
|
||||
state: link
|
||||
src: /etc/apache2/sites-available/{{ domainname }}.conf
|
||||
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: get certificates
|
||||
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
|
||||
args:
|
||||
creates: /etc/ssl/private/{{ domainname }}.key
|
||||
|
||||
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
||||
template:
|
||||
src: includeOptional.conf.j2
|
||||
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
||||
template:
|
||||
src: apache-ssl.conf.j2
|
||||
@ -127,32 +153,6 @@
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
|
||||
file:
|
||||
state: link
|
||||
src: /etc/apache2/sites-available/{{ domainname }}.conf
|
||||
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
||||
template:
|
||||
src: includeOptional.conf.j2
|
||||
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify:
|
||||
- reload apache2
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: get certificates
|
||||
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
|
||||
args:
|
||||
creates: /etc/ssl/private/{{ domainname }}.key
|
||||
|
||||
- name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
||||
file:
|
||||
state: link
|
||||
|
||||
Loading…
Reference in New Issue
Block a user