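---
# Deploy the Let's Encrypt certificate set into the MySQL/MariaDB data
# directory and install an acme.sh hook script that re-runs this deployment
# after renewal. The whole block is gated on mysql_letsencrypt_certificates.
- name: mysql-letsencrypt | Manage the letsencrypt configuration
  when: mysql_letsencrypt_certificates
  tags: ['mysql', 'mariadb', 'letsencrypt', 'mysql_letsencrypt']
  block:
    # The private key is used as the presence marker for the certificate set:
    # the three copy tasks below are skipped (not failed) when it is absent.
    - name: mysql-letsencrypt | Check if the letsencrypt certificates are in place
      ansible.builtin.stat:
        path: "{{ letsencrypt_acme_certs_dir }}/privkey"
      register: letsencrypt_keyfile

    # Private key: readable by the mysql user only.
    - name: mysql-letsencrypt | Copy the letsencrypt certificate key into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/privkey"
        dest: "/var/lib/mysql/client-key.pem"
        owner: mysql
        group: mysql
        mode: "0400"
        remote_src: true
        force: true
      when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # Leaf certificate: public material, world-readable is fine.
    - name: mysql-letsencrypt | Copy the letsencrypt public certificate into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/cert"
        dest: "/var/lib/mysql/client-cert.pem"
        owner: mysql
        group: mysql
        mode: "0444"
        remote_src: true
        force: true
      when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # The full chain is installed as the CA bundle mysql presents to clients.
    - name: mysql-letsencrypt | Copy the letsencrypt CA certificate into the right place
      ansible.builtin.copy:
        src: "{{ letsencrypt_acme_certs_dir }}/fullchain"
        dest: "/var/lib/mysql/ca.pem"
        owner: mysql
        group: mysql
        mode: "0444"
        remote_src: true
        force: true
      when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
      notify: Restart mysql

    # Hook directory is root-only; nothing below it is reachable by other users.
    - name: mysql-letsencrypt | Create the acme hooks directory if it does not yet exist
      ansible.builtin.file:
        dest: "{{ letsencrypt_acme_sh_services_scripts_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0750"

    # Plain executable, no setuid bit: the kernel ignores setuid on interpreted
    # scripts, and since the parent directory is root:root 0750 only root can
    # reach the hook anyway. A setuid-root file here would only add audit noise
    # and become dangerous if the script were ever replaced by a binary.
    - name: mysql-letsencrypt | Install a script that fix the letsencrypt certificate for mysql and then reloads the service
      ansible.builtin.copy:
        src: letsencrypt-mysql-hook.sh
        dest: "{{ letsencrypt_acme_sh_services_scripts_dir }}/mysql"
        owner: root
        group: root
        mode: "0555"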