From bb65fc04c998f9ee81b2fed980a63bbe9c164c69 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Thu, 7 Mar 2019 15:52:56 +0100
Subject: [PATCH] acertmgr: update to 0.8.1
---
 group_vars/all/vars.yml | 2 +-
 roles/acertmgr/defaults/main.yml | 3 +++
 roles/acertmgr/tasks/main.yml | 21 +++------------------
 roles/acertmgr/templates/acme.conf.j2 | 5 +----
 4 files changed, 8 insertions(+), 23 deletions(-)
 create mode 100644 roles/acertmgr/defaults/main.yml
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 4ae9921..e953f7b 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -1,6 +1,6 @@
 ---
-certmgr_mode: webserver
+acertmgr_mode: webdir
 confluence_domain: confluence.regensburg.freifunk.net
 confluence_dbname: confluence
diff --git a/roles/acertmgr/defaults/main.yml b/roles/acertmgr/defaults/main.yml
new file mode 100644
index 0000000..1dc67af
--- /dev/null
+++ b/roles/acertmgr/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+acertmgr_version: 0.8.1
diff --git a/roles/acertmgr/tasks/main.yml b/roles/acertmgr/tasks/main.yml
index 9bd7918..2316821 100644
--- a/roles/acertmgr/tasks/main.yml
+++ b/roles/acertmgr/tasks/main.yml
@@ -4,12 +4,12 @@
 apt: name={{ item }}
 with_items:
 - git
- - python-dateutil
- - python-openssl
+ - python-cryptography
+ - python-dnspython
 - python-yaml
 - name: Install acertmgr
- git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=017f55f57cb77628061b6a5f4236055c2e4d5f02
+ git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version={{ acertmgr_version }}
 - name: Create config directories
 file: path={{ item }} state=directory mode=0755
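Review bot: `version={{ acertmgr_version }}` in the `Install acertmgr` task (roles/acertmgr/tasks/main.yml) replaces a full commit hash with a tag name, and a tag is a mutable ref, so a retagged upstream release would be checked out into /opt/acertmgr on the next run with no change in this repository. This checkout is presumably the tool that manages the keys and certificates under /etc/acme, so I would keep the pin immutable by putting the release's commit hash in the new default in roles/acertmgr/defaults/main.yml, `acertmgr_version: <full-commit-sha-of-the-0.8.1-release>  # 0.8.1`. If the tag name stays, quote it as `acertmgr_version: '0.8.1'` so that a later two-part version such as 0.9 is not parsed as a float.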
@@ -20,21 +20,6 @@
 - name: Configure acertmgr
 template: src=acme.conf.j2 dest=/etc/acme/acme.conf
-- name: Create private keys
- command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
- with_items:
- - /etc/acme/account.key
- - /etc/acme/server.key
-
-- name: Ensure private key permissoins
- file: path={{ item }} owner=root mode=0400
- with_items:
- - /etc/acme/account.key
- - /etc/acme/server.key
-
-- name: Download Lets Encrypt CA certificate
- get_url: url=https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem dest=/etc/acme/lets-encrypt-x3-cross-signed.pem
-
 - name: Create challenge directory
 file: path=/var/www/acme-challenge/ owner=root mode=0755 state=directory
diff --git a/roles/acertmgr/templates/acme.conf.j2 b/roles/acertmgr/templates/acme.conf.j2
index c0488bb..f478eb9 100644
--- a/roles/acertmgr/templates/acme.conf.j2
+++ b/roles/acertmgr/templates/acme.conf.j2
@@ -1,9 +1,6 @@
 ---
-mode: {{ certmgr_mode }}
+mode: {{ acertmgr_mode }}
 webdir: /var/www/acme-challenge/
 ttl_days: 30
 authority: "https://acme-v01.api.letsencrypt.org"
-
-defaults:
- cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem
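Review bot: `mode: {{ acertmgr_mode }}` in roles/acertmgr/templates/acme.conf.j2 is rendered unquoted and the variable has no role-level default: this commit creates roles/acertmgr/defaults/main.yml with only `acertmgr_version`, while `acertmgr_mode` is set in group_vars/all/vars.yml. Adding `acertmgr_mode: webdir` to the role defaults and rendering `mode: "{{ acertmgr_mode }}"` would keep the role self-contained and stop an empty or boolean-looking value from changing type in the generated YAML. An inventory that still sets the old name `certmgr_mode` is now ignored without an error, so it is worth searching host and group vars for it.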