Moving LetsEncrypt to ClouDNS API validation -- some LetsEncrypt queries come from non-US origins.

2026-01-13 02:10:33 -06:00
parent 0070afde5d
commit 0084b4ea19
4 changed files with 47 additions and 20 deletions
--- a/roles/SSL/tasks/main.yml
+++ b/roles/SSL/tasks/main.yml
@@ -7,26 +7,51 @@
      - certbot
      - openssl

- - name: LetsEncrypt directory
+ - name: LetsEncrypt directories
   become: yes
   file:
-     path: /etc/letsencrypt
+     path: "{{ item }}"
     owner: root
     group: ssl
     mode: 0750
+   loop:
+     - /etc/letsencrypt
+     - /etc/certbot

- - name: Services
+ - name: Service timer
   become: yes
   register: services
   copy:
-     src: "{{ item }}"
-     dest: /usr/lib/systemd/system
+     src: "certbot.timer"
+     dest: /usr/lib/systemd/system/certbot.timer
     owner: root
     group: root
     mode: 0644
-   loop:
-     - "certbot.service"
-     - "certbot.timer"
+
+ # per https://www.cloudns.net/wiki/article/448/
+ - name: ClouDNS configuration
+   become: yes
+   template:
+     src: "certbot.conf.j2"
+     dest: /etc/certbot/certbot.conf
+     owner: root
+     group: root
+     mode: 0600
+
+ - name: Create virtual environment and install package
+   become: yes
+   command:
+     cmd: "python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns"
+     creates: /etc/certbot/venv
+
+ - name: Service
+   become: yes
+   template:
+     src: "certbot.service.j2"
+     dest: /usr/lib/systemd/system/certbot.service
+     owner: root
+     group: root
+     mode: 0600

 - name: Enable timer
   when: services.changed