diff --git a/letsencrypt-client/defaults/main.yml b/letsencrypt-client/defaults/main.yml
deleted file mode 100644
index b740b07..0000000
--- a/letsencrypt-client/defaults/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-letsencrypt_install: False
-letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt'
-letsencrypt_dest_dir: /opt
-letsencrypt_update_repo: True
-letsencrypt_prerequisites:
- - git
- - bc
-
-letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto'
-letsencrypt_install_path: /root/.local/share/letsencrypt
-letsencrypt_config_dir: /etc/letsencrypt
-letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}'
-# In seconds. Default 7 days
-letsencrypt_renew_before: 604800
-letsencrypt_logdir: /var/log/letsencrypt
-# The various services maintainers need to put the reconfigure/restart scripts there
-letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt
-
-# cli.ini parameters
-letsencrypt_rsa_key_size: 4096
-letsencrypt_email: sysadmin@example.com
-letsencrypt_authenticator: standalone
-letsencrypt_standalone_supp_challenges: 'http-01'
-letsencrypt_agree_tos: True
-letsencrypt_verbose: False
-letsencrypt_text_interface: True
-# The first on the list gives the name to the certs live directory.
-# If it is not the machine FQDN, change the letsencrypt_cert_dir definition.
-letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org'
-letsencrypt_renew_by_default: True
-letsencrypt_standalone_port: 9999
-
diff --git a/letsencrypt-client/tasks/main.yml b/letsencrypt-client/tasks/main.yml
deleted file mode 100644
index 6f5b281..0000000
--- a/letsencrypt-client/tasks/main.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- name: Install the letsencrypt package dependencies
- apt: name={{ item }} state=present
- with_items: '{{ letsencrypt_prerequisites }}'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Get the letsencrypt client
- git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }}
- with_items: '{{ letsencrypt_prerequisites }}'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: letsencrypt initializaztion
- command: '{{ letsencrypt_auto }}'
- args:
- creates: '{{ letsencrypt_install_path }}/bin/letsencrypt'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Create the letsencrypt config directory
- file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Create the letsencrypt services scripts directory
- file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install the letsencrypt cli.ini file
- template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install a default file that shell scripts can include
- template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install the command that asks for the certificates and their renewal
- template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install a daily cron job to renew the certificates when needed
- cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1"
- when: letsencrypt_install
- tags: letsencrypt
-
diff --git a/letsencrypt-client/templates/cli.ini.j2 b/letsencrypt-client/templates/cli.ini.j2
deleted file mode 100644
index 0fffec6..0000000
--- a/letsencrypt-client/templates/cli.ini.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-rsa-key-size = {{ letsencrypt_rsa_key_size }}
-email = {{ letsencrypt_email }}
-authenticator = {{ letsencrypt_authenticator }}
-standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }}
-agree-tos = {{ letsencrypt_agree_tos }}
-{% if letsencrypt_verbose %}
-verbose = {{ letsencrypt_verbose }}
-{% endif %}
-text = {{ letsencrypt_text_interface }}
-renew-by-default = {{ letsencrypt_renew_by_default }}
diff --git a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 b/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2
deleted file mode 100644
index bd57ebd..0000000
--- a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-RENEW_BEFORE={{ letsencrypt_renew_before }}
-LETSENCRYPT_BIN={{ letsencrypt_auto }}
-LE_CERT_DIR={{ letsencrypt_certs_dir }}
-LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
-LOG_DIR={{ letsencrypt_logdir }}
-VALIDITY_RETVAL=0
-DOMAINS="{{ letsencrypt_domains }}"
-CERT_DOMAINS_LIST=
-ACTION=certonly
-RETVAL=0
-
-# Check if the cert file exists. If not, it is a certificate request and not a renewal.
-if [ -f $LE_CERT_DIR/cert.pem ] ; then
- VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
- VALIDITY_RETVAL=$?
- if [ $VALIDITY_RETVAL -eq 0 ] ; then
- echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
- exit 0
- else
- ACTION=renew
- fi
-fi
-
-if [ "$ACTION" === "certonly" ] ; then
- for dom in $DOMAINS ; do
- CERT_DOMAINS_LIST+=" -d $dom"
- done
-fi
-
-# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
-$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
-RETVAL=$?
-
-# Run the reconfiguration scripts to make the involved services load the new certificate
-for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
- if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
- echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
- $LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
- fi
-done
-
-exit 0
-
diff --git a/letsencrypt-client/templates/letsencrypt-default.j2 b/letsencrypt-client/templates/letsencrypt-default.j2
deleted file mode 100644
index 1ee49c4..0000000
--- a/letsencrypt-client/templates/letsencrypt-default.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }}
-LE_EMAIL={{ letsencrypt_email }}
-LE_AUTHENTICATOR={{ letsencrypt_authenticator }}
-LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }}
-LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
-LE_COMMAND={{ letsencrypt_auto }}
-LE_CERTS_DIR={{ letsencrypt_certs_dir }}
-LE_LOG_DIR={{ letsencrypt_logdir }}