v0.01

2026-03-12 12:41:28 +01:00
parent 87755ef08e
commit 64c7b6c310
12 changed files with 539 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,80 @@
+---
+# Certbot
+#
+# Linux-Server-Admin.com Ansible Role for cert management with Certbot
+#
+# Main Tasks
+#
+
+- name: "Check if certbot_debug is defined and true and if set debug_nolog to false for all sensitive tasks"
+  set_fact:
+    debug_nolog: false
+  when: certbot_debug is defined and certbot_debug is true
+
+- name: "Install Certbot"
+  include_tasks: install.yml
+  when: certbot_install | default(true) | bool
+
+- shell: "certbot --version"
+  register: __certbot_version
+
+- debug:
+    var: __certbot_version
+  when: certbot_debug is defined and certbot_debug is true
+
+- name: Check Webserver
+  debug:
+    msg: "Selected Webserver: {{ certbot_webserver }}"
+  when: certbot_webserver is defined and certbot_debug is defined and certbot_debug is true
+
+- name: "Check if certificate already exists"
+  ansible.builtin.stat:
+    path: /etc/letsencrypt/live/{{ item.name }}/cert.pem
+  register: certbot_vhosts_host
+  with_items: "{{ certbot_vhosts }}"
+  become: true
+
+- name: "Generate certificate scripts"
+  ansible.builtin.template:
+    src: "generate-cert.sh.j2"
+    dest: "/usr/local/bin/certbot-{{ item.item.name }}.sh"
+    mode: +x
+  with_items: "{{ certbot_vhosts_host.results }}"
+  become: true
+#  no_log: debug_nolog | default(true) | bool
+
+- name: "Exec cert script"
+  ansible.builtin.shell: '/usr/local/bin/certbot-{{ item.item.name }}.sh'
+  with_items: "{{ certbot_vhosts_host.results }}"
+  become: true
+#  no_log: debug_nolog | default(true) | bool
+
+# list all installed certificates
+- name: "List all installed certificates"
+  ansible.builtin.command:
+    cmd: "certbot certificates"
+  register: __certbot_certificates
+  failed_when: false
+  changed_when: false
+  become: true
+#  when: certbot_debug is defined and certbot_debug is true
+
+- debug:
+    var: __certbot_certificates.stdout_lines
+  when: certbot_debug is defined and certbot_debug is true
+
+- name: "Generate LetsEncrypt FreeIPA Integration script"
+  ansible.builtin.template:
+    src: "letsencrypt-freeipa.sh.j2"
+    dest: "/usr/local/bin/letsencrypt-freeipa.sh"
+    mode: +x
+  when: certbot_freeipa | default(false) | bool
+  become: true
+
+- name: "Setup Certbot facts"
+  include_tasks: facts.yml
+  when: certbot_facts | default(false) | bool
+
+- name: "Setup Certbot readme"
+  include_tasks: readme.yml
+  when: certbot_readme | default(false) | bool