From a30a70ee90ab425e1d9091e3020280b935811a43 Mon Sep 17 00:00:00 2001
From: Alexander Gabriel
Date: Fri, 24 Jan 2025 19:16:13 +0100
Subject: [PATCH] updated website role
---
 tasks/main.yml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 8a1b9f5..ae06d61 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -77,9 +77,29 @@
 include_role:
 name: acmesh
+- name: create directory for website
+ file:
+ path: "/usr/local/share/ca-certificates/step-ca/"
+ owner: root
+ group: root
+ mode: '0755'
+ state: directory
+ when: acme_sh_server is defined
+
+- name: copy own root ca cert
+ copy:
+ src: "{{ inventory_dir }}/files/root_ca.crt"
+ dest: "/usr/local/share/ca-certificates/step-ca/step-ca.crt"
+ when: acme_sh_server is defined
+
+- name: run update-ca-certificates
+ command: /usr/sbin/update-ca-certificates
+ args:
+ creates: /etc/ssl/certs/step-ca.pem
+
 - name: set amce server url
 set_fact:
- acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
+ acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 10"
 when: acme_sh_server is defined
 - name: set amce server url
@@ -129,7 +149,7 @@
 meta: flush_handlers
 - name: get certificates
- command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot | default("/var/www/html") }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
+ command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
 args:
 creates: /etc/ssl/private/{{ domainname }}.key
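Review bot: The changed `acmeshserver` line still passes `--insecure`, so acme.sh keeps skipping TLS verification of the ACME server even though the three new tasks install a step-ca root into the system trust store. If that root is the one that signs the server at `acme_sh_server` (the task names suggest so, the patch does not show it), the flag can be dropped: `acmeshserver: "--server {{ acme_sh_server }} --force --days 10"`. The `run update-ca-certificates` task has no `when: acme_sh_server is defined`, so on hosts without that variable the `creates:` file never appears and the command runs on every play. The same `creates:` guard also skips the command when `root_ca.crt` is later replaced, so the trust bundle is presumably not rebuilt; a handler notified by the copy task would cover both cases. The copy task sets no `owner`, `group` or `mode`, and the name `create directory for website` does not describe the CA directory it creates.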
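Review bot: With the `default("/var/www/html")` filter removed, `docroot` in the new `command:` line is mandatory, and nothing visible in the patch defines or checks it, so unless it is set elsewhere in the role or inventory this task now fails with an undefined-variable error. Either keep a role-level default or fail early with a clear message, for example `assert: { that: docroot is defined }` before this task. The templated values are also interpolated unquoted into a free-form `command:` string, so a `docroot` or `domainname` containing whitespace is split into extra acme.sh arguments. Passing each value through the `quote` filter, as in `--webroot {{ docroot | quote }}`, keeps it a single argument. The task may continue past the end of the hunk.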