diff --git a/defaults/main.yml b/defaults/main.yml
index 5e909d1..d0b6880 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -78,6 +78,7 @@ no_proxy_targets:
 trusted_ca_el_anchors_path: '/etc/pki/ca-trust/source/anchors' # it shoudn't be needed
 trusted_ca_letsencrypt_install: False
+trusted_ca_letsencrypt_ca_certificates_url: https://letsencrypt.org/certificates/
 trusted_ca_letsencrypt_ca_files:
 - { ca: 'isrgrootx1.pem', name: 'isrg-root-x1' }
 - { ca: 'isrg-root-x2.pem', name: 'isrg-root-x2-not-cross' }
diff --git a/tasks/trusted_ca.yml b/tasks/trusted_ca.yml
index c2ccf5f..7b1eec9 100644
--- a/tasks/trusted_ca.yml
+++ b/tasks/trusted_ca.yml
@@ -15,9 +15,14 @@
 - name: Manage the Letsencrypt CA files on EL
 block:
- - name: Copy the letsencrypt CA files on EL
- copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/pki/ca-trust/source/anchors/{{ item.ca }} owner=root group=root mode='0444'
- with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
+ - name: Download the letsencrypt CA files on EL
+ get_url:
+ url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
+ dest: '/etc/pki/ca-trust/source/anchors/{{ item.ca }}'
+ owner: root
+ group: root
+ mode: 0444
+ loop: '{{ trusted_ca_letsencrypt_ca_files }}'
 register: letsencrypt_ca_files_installation
 - name: Rebuild the trust CA files on EL
@@ -59,9 +64,14 @@
 - name: Manage the Letsencrypt CA files on deb
 block:
- - name: Copy the letsencrypt CA files on deb
- copy: src=letsencrypt_ca_files/{{ item.ca }} dest=/etc/ssl/certs/{{ item.ca }} owner=root group=root mode='0444'
- with_items: '{{ trusted_ca_letsencrypt_ca_files }}'
+ - name: Download the letsencrypt CA files on deb
+ get_url:
+ url: '{{ trusted_ca_letsencrypt_ca_certificates_url }}/{{ item.ca }}'
+ dest: '/etc/ssl/certs/{{ item.ca }}'
+ owner: root
+ group: root
+ mode: 0444
+ loop: '{{ trusted_ca_letsencrypt_ca_files }}'
 register: letsencrypt_ca_files_installation
 - name: Trust the CA files on deb
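Review bot: The new default ends in `/` while both tasks in tasks/trusted_ca.yml append `/{{ item.ca }}`, so the requested URL contains `certificates//isrgrootx1.pem`. Drop the trailing slash and quote the value like the neighbouring string defaults: `trusted_ca_letsencrypt_ca_certificates_url: 'https://letsencrypt.org/certificates'`. This variable now decides where system trust anchors come from, so it deserves a comment above it such as `# Base URL of the CA PEM files; keep it https, the downloads are installed as trusted roots`. It is also worth confirming that this path serves the raw PEM files rather than an HTML page, since get_url would save either.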
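Review bot: The `get_url` task for EL writes whatever the URL returns straight into `/etc/pki/ca-trust/source/anchors/` with no `checksum:`. The integrity of the new trust anchors therefore rests only on TLS to a host taken from a variable, whereas the removed `copy` installed files that were reviewed and versioned with the role. Give each entry in `trusted_ca_letsencrypt_ca_files` a pinned digest (for example `sha256: '<digest of the reviewed PEM>'`) and pass `checksum: 'sha256:{{ item.sha256 }}'` to the task. With a checksum get_url also compares an already-present file, which it otherwise leaves untouched unless `force` is set. The deb task in the following hunk has the same gap. The enclosing `block:` continues past the end of this hunk.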