From fa7fec4a937942c03ac726dff9de1f9c49f9f3b5 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 11 Feb 2019 19:36:35 +0100
Subject: [PATCH] certmgr: update to latest version, adjust config
---
 roles/certmgr/tasks/main.yml | 21 +++------------------
 roles/certmgr/templates/acme.conf.j2 | 3 ---
 2 files changed, 3 insertions(+), 21 deletions(-)
diff --git a/roles/certmgr/tasks/main.yml b/roles/certmgr/tasks/main.yml
index 9bd7918..c14466f 100644
--- a/roles/certmgr/tasks/main.yml
+++ b/roles/certmgr/tasks/main.yml
@@ -4,12 +4,12 @@
 apt: name={{ item }}
 with_items:
 - git
- - python-dateutil
- - python-openssl
+ - python-cryptography
+ - python-dnspython
 - python-yaml
 - name: Install acertmgr
- git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=017f55f57cb77628061b6a5f4236055c2e4d5f02
+ git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=02036f56173e3a87173fed33103918c7c5279c5a
 - name: Create config directories
 file: path={{ item }} state=directory mode=0755
@@ -20,21 +20,6 @@
 - name: Configure acertmgr
 template: src=acme.conf.j2 dest=/etc/acme/acme.conf
-- name: Create private keys
- command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
- with_items:
- - /etc/acme/account.key
- - /etc/acme/server.key
-
-- name: Ensure private key permissoins
- file: path={{ item }} owner=root mode=0400
- with_items:
- - /etc/acme/account.key
- - /etc/acme/server.key
-
-- name: Download Lets Encrypt CA certificate
- get_url: url=https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem dest=/etc/acme/lets-encrypt-x3-cross-signed.pem
-
 - name: Create challenge directory
 file: path=/var/www/acme-challenge/ owner=root mode=0755 state=directory
diff --git a/roles/certmgr/templates/acme.conf.j2 b/roles/certmgr/templates/acme.conf.j2
index c0488bb..a793b2f 100644
--- a/roles/certmgr/templates/acme.conf.j2
+++ b/roles/certmgr/templates/acme.conf.j2
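Review bot: On the `git:` line of the first hunk, the new `version=` SHA is the only record of which acertmgr code now handles the private keys, and the role no longer checks the result. The second hunk of this file removes the `openssl genrsa` task and the `file: ... owner=root mode=0400` task for `/etc/acme/account.key` and `/etc/acme/server.key`, so key generation and key file modes are presumably left to acertmgr at the pinned revision, while the directories in this hunk's context are still created with `mode=0755`. I would add a comment above the task, for example `# pinned revision generates its own keys; confirm they are written owner=root, mode 0400`, and keep a permission-enforcing task that only runs when a `stat` of the key shows it exists. The "Create config directories" task continues past the end of this hunk, so its item list is not visible here.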
@@ -4,6 +4,3 @@ mode: {{ certmgr_mode }}
 webdir: /var/www/acme-challenge/
 ttl_days: 30
 authority: "https://acme-v01.api.letsencrypt.org"
-
-defaults:
- cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem