Moving LetsEncrypt to ClouDNS API validation -- some LetsEncrypt queries come from non-US origins.
@@ -1,12 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Certbot
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
|
|
||||||
ExecStartPost=-/usr/bin/systemctl reload nginx
|
|
||||||
ExecStartPost=-/usr/bin/systemctl reload inspircd
|
|
||||||
KillMode=process
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=no
|
|
||||||
User=root
|
|
||||||
Group=root
|
|
||||||
@@ -7,26 +7,51 @@
|
|||||||
- certbot
|
- certbot
|
||||||
- openssl
|
- openssl
|
||||||
|
|
||||||
- name: LetsEncrypt directory
|
- name: LetsEncrypt directories
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
path: /etc/letsencrypt
|
path: "{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: ssl
|
group: ssl
|
||||||
mode: 0750
|
mode: 0750
|
||||||
|
loop:
|
||||||
|
- /etc/letsencrypt
|
||||||
|
- /etc/certbot
|
||||||
|
|
||||||
- name: Services
|
- name: Service timer
|
||||||
become: yes
|
become: yes
|
||||||
register: services
|
register: services
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "certbot.timer"
|
||||||
dest: /usr/lib/systemd/system
|
dest: /usr/lib/systemd/system/certbot.timer
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop:
|
|
||||||
- "certbot.service"
|
# per https://www.cloudns.net/wiki/article/448/
|
||||||
- "certbot.timer"
|
- name: ClouDNS configuration
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: "certbot.conf.j2"
|
||||||
|
dest: /etc/certbot/certbot.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Create virtual environment and install package
|
||||||
|
become: yes
|
||||||
|
command:
|
||||||
|
cmd: "python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns"
|
||||||
|
creates: /etc/certbot/venv
|
||||||
|
|
||||||
|
- name: Service
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: "certbot.service.j2"
|
||||||
|
dest: /usr/lib/systemd/system/certbot.service
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
- name: Enable timer
|
- name: Enable timer
|
||||||
when: services.changed
|
when: services.changed
|
||||||
|
|||||||
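Review bot: The `command` task at "Create virtual environment and install package" never installs the plugin, because the `command` module does not run `cmd` through a shell: `&&` and everything after it are passed to `python3 -m venv` as additional positional directory arguments, and once `/etc/certbot/venv` exists `creates:` suppresses every later attempt, so the `dns-cloudns` authenticator the new unit relies on is silently absent. The package is also unpinned, so whichever `certbot-dns-cloudns` release PyPI serves at run time ends up holding the account's API credentials. Replacing the task with the `pip` module, which creates the venv itself and can pin a reviewed version, fixes both (below). Separately, `Enable timer` is still gated on `services.changed`, but that register now covers only the timer copy, so a changed `certbot.service` template no longer triggers it; the body of `Enable timer` continues outside the hunk.
```yaml
- name: Create virtual environment and install package
  become: yes
  pip:
    name: certbot-dns-cloudns
    version: "PINNED_VERSION_PLACEHOLDER"   # pin to a reviewed release
    virtualenv: /etc/certbot/venv
    virtualenv_command: python3 -m venv
```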
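--- /dev/null
+++ b/roles/SSL/templates/certbot.conf.j2
@@ -0,0 +1,2 @@
+dns_cloudns_auth_id={{ secrets.certbot.authid }}
+dns_cloudns_auth_password={{ secrets.certbot.passphrase }}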
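Review bot: The credentials rendered here are the account-level ClouDNS auth-id/password pair, which gives the certbot host full API control over every zone in the account rather than only the `_acme-challenge` TXT records DNS-01 needs; if the ClouDNS sub-user feature described by the wiki article linked in the tasks file can be scoped to the relevant zone, the template should carry scoped sub-user credentials instead (confirm the plugin's supported key names before changing the line). Because `secrets.certbot.passphrase` is written out by a `template` task, that task should also set `no_log: true` so the value is not echoed in playbook output or `--diff` mode. A short comment at the top of the template, `{# read by certbot-dns-cloudns; deployed 0600 root:root #}`, would tell the next maintainer why the file is root-only.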
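--- /dev/null
+++ b/roles/SSL/templates/certbot.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Certbot
+
+[Service]
+ExecStart=/bin/bash -c "source /etc/certbot/venv/bin/activate; certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver {{ secrets.certbot.nameserver }}"
+ExecStartPost=-/usr/bin/systemctl reload nginx
+ExecStartPost=-/usr/bin/systemctl reload inspircd
+KillMode=process
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root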
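Review bot: `ExecStart` chains `source …/activate` and `certbot renew` with `;`, so if activation fails (venv missing or only partly built) the renewal still runs with whichever `certbot` is first on PATH — the distribution package the tasks file installs — which lacks the `dns-cloudns` plugin and will not behave as intended. Invoking the venv binary directly removes the shell wrapper and the fallback: `ExecStart=/etc/certbot/venv/bin/certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver {{ secrets.certbot.nameserver }}`. Note that the nameserver value is expanded into the unit and the process command line, so it is visible to any local user via `systemctl show`; that is acceptable for a hostname but not for anything treated as a secret. The removed unit passed `--preferred-chain "ISRG Root X1"` and this one does not, which changes the chain served unless that drop was intentional; the template is also committed as an executable file although a unit file is only ever read.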