updated website role

tasks/main.yml

@@ -77,9 +77,29 @@
   include_role:
     name: acmesh
 
+- name: create directory for website
+  file:
+    path: "/usr/local/share/ca-certificates/step-ca/"
+    owner: root
+    group: root
+    mode: '0755'
+    state: directory
+  when: acme_sh_server is defined
+
+- name: copy own root ca cert
+  copy:
+    src: "{{ inventory_dir }}/files/root_ca.crt"
+    dest: "/usr/local/share/ca-certificates/step-ca/step-ca.crt"
+  when: acme_sh_server is defined
+
+- name: run update-ca-certificates
+  command: /usr/sbin/update-ca-certificates
+  args:
+    creates: /etc/ssl/certs/step-ca.pem
+
 - name: set amce server url
   set_fact:
-    acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
+    acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 10"
   when: acme_sh_server is defined
 
 - name: set amce server url
@@ -129,7 +149,7 @@
   meta: flush_handlers
 
 - name: get certificates
-  command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot | default("/var/www/html") }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
+  command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
   args:
     creates: /etc/ssl/private/{{ domainname }}.key