From 870cdd163b878b8e2e0c6845630a2c89674fd447 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Thu, 4 Mar 2021 11:36:29 +0100
Subject: [PATCH 1/3] [certbot] No change when certificates are already renewed

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/certbot/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 91e2fde8..90fe154f 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -45,6 +45,8 @@
 
 - name: Run certbot
   command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
+  register: certbot_output
+  changed_when: not "Certificate not yet due for renewal" in certbot_output.stdout
   loop: "{{ certbot }}"
 
 - name: Clean old files
-- 
GitLab

From 1e0f84a6e5dd79cd944f063ec1626875c0e63690 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Thu, 4 Mar 2021 11:37:04 +0100
Subject: [PATCH 2/3] [certbot] Remove obsolete DNS lookup

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/certbot/tasks/main.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 90fe154f..eb50fc02 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -10,13 +10,6 @@
   retries: 3
   until: apt_result is succeeded
 
-- name: Lookup DNS masters IPv4
-  set_fact:
-    #dns_masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
-    dns_masters_ipv4:
-      - "172.16.10.147"
-    cacheable: true
-
 - name: Add DNS credentials
   template:
     src: letsencrypt/rfc2136.ini.j2
-- 
GitLab

From 91d777ffbabe634794ac918516e9db70ec878a99 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Thu, 4 Mar 2021 11:45:17 +0100
Subject: [PATCH 3/3] [certbot] Generate wildcard certificates by default
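Review bot: Now that `changed_when` on the "Run certbot" task reports a change only when certbot actually issued a certificate, nothing consumes that signal: the task has no `notify:`, so a renewed certificate sits on disk while whatever serves it keeps the old one until something else restarts it — add a `notify:` to a handler that reloads the certificate consumers (the role's handlers are not visible in this hunk). Matching certbot's human-readable stdout is also fragile: the wording is version-dependent and certbot sends much of its logging to stderr, so a changed message would make every run report `changed`; consider `changed_when: "'Certificate not yet due for renewal' not in certbot_output.stdout ~ certbot_output.stderr"`, or more robustly compare the certificate file's modification time before and after the run. With `--non-interactive` and an existing lineage whose domain set differs from the ini (which patch 3/3's switch to a wildcard default will cause), certbot may abort instead of renewing unless the ini supplies `cert-name`/`expand`; that template is outside this hunk and worth confirming.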
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 group_vars/certbot.yml | 2 +-
 host_vars/hodaur.adm.crans.org.yml | 8 --------
 host_vars/irc.adm.crans.org.yml | 8 --------
 host_vars/redisdead.adm.crans.org.yml | 8 --------
 4 files changed, 1 insertion(+), 25 deletions(-)

diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml
index a10d6425..7540ee94 100644
--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@@ -5,4 +5,4 @@ glob_certbot:
     dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
     mail: root@crans.org
     certname: crans.org
-    domains: "crans.org"
+    domains: "*.crans.org"
diff --git a/host_vars/hodaur.adm.crans.org.yml b/host_vars/hodaur.adm.crans.org.yml
index 674f1a2d..53d3a98a 100644
--- a/host_vars/hodaur.adm.crans.org.yml
+++ b/host_vars/hodaur.adm.crans.org.yml
@@ -2,11 +2,3 @@
 interfaces:
   adm: ens18
   srv: ens19
-
-loc_certbot:
-  - dns_rfc2136_server: '172.16.10.147'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
-    mail: root@crans.org
-    certname: crans.org
-    domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index dfb6def1..b75e160f 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -3,14 +3,6 @@
 interfaces:
   adm: ens18
   srv: ens19
-loc_certbot:
-  - dns_rfc2136_server: '172.16.10.147'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
-    mail: root@crans.org
-    certname: crans.org
-    domains: "irc.crans.org"
-
 loc_nginx:
   service_name: "thelounge"
   servers:
diff --git a/host_vars/redisdead.adm.crans.org.yml b/host_vars/redisdead.adm.crans.org.yml
index f562ec36..8228a1d0 100644
--- a/host_vars/redisdead.adm.crans.org.yml
+++ b/host_vars/redisdead.adm.crans.org.yml
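Review bot: Making `*.crans.org` the group-wide default on the `domains:` line hands every host in the `certbot` group a private key valid for every crans.org subdomain, so compromising any one of them (irc, hodaur or redisdead in this same patch) yields a credential that can impersonate all the others; the per-host `loc_certbot` overrides removed alongside, such as `domains: "irc.crans.org"`, kept that blast radius to one name. Keep the narrower per-host list for hosts that serve a single name and reserve the wildcard for hosts that genuinely need it. A wildcard also does not match the apex: `*.crans.org` no longer covers `crans.org` itself, which both the previous default and hodaur's override included, so if any group member serves the bare domain the default should read `domains: "crans.org, *.crans.org"`. hodaur's removed override additionally covered crans.fr and crans.eu; unless those are issued elsewhere, this patch silently drops them.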
@@ -33,11 +33,3 @@ to_backup:
     secrets_file: "/etc/rsyncd.secrets",
     hosts_allow: ["zephir.adm.crans.org", "10.231.136.6"],
   }
-
-loc_certbot:
-  - dns_rfc2136_server: '172.16.10.147'
-    dns_rfc2136_name: certbot_challenge.
-    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
-    mail: root@crans.org
-    certname: crans.org
-    domains: "*.crans.org"
-- 
GitLab