You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.3 KiB
40 lines
1.3 KiB
2 years ago
|
- name: select key type for acme
|
||
|
|
set_fact:
|
||
|
|
kt: "{{ ca_key_types | selectattr('name', 'equalto', ca_acme_account_key_type | d('ecc384')) | list | first }}"
|
||
|
|
|
||
|
|
|
||
|
|
- name: generate acme account keys
|
||
|
|
community.crypto.openssl_privatekey:
|
||
|
|
path: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
|
||
|
|
size: "{{ kt.size | d(omit) }}"
|
||
|
|
curve: "{{ kt.curve | d(omit) }}"
|
||
|
|
type: "{{ kt.type }}"
|
||
|
|
backup: yes
|
||
|
|
cipher: auto
|
||
|
|
force: no
|
||
|
|
format: pkcs8
|
||
|
|
format_mismatch: convert
|
||
|
|
passphrase: "{{ ca_acme_account_key_password }}"
|
||
|
|
regenerate: never
|
||
|
|
mode: 0600
|
||
|
|
loop:
|
||
|
|
- main
|
||
|
|
- staging
|
||
|
|
|
||
|
|
|
||
|
|
- name: create acme accounts
|
||
|
|
community.crypto.acme_account:
|
||
|
|
account_key_src: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
|
||
|
|
account_key_passphrase: "{{ ca_acme_account_key_password }}"
|
||
|
|
acme_directory: "{%- if item == 'main' -%}{{ ca_acme_endpoint | d('https://acme-v02.api.letsencrypt.org/directory') }}\
|
||
|
|
{%- else -%}{{ ca_acme_staging_endpoint | d('https://acme-staging-v02.api.letsencrypt.org/directory') }}\
|
||
|
|
{%- endif -%}"
|
||
|
|
acme_version: "{{ ca_acme_version | d(2) }}"
|
||
|
|
contact:
|
||
|
|
- "mailto:{{ maintainer_email | d('admin@' ~ tld) }}"
|
||
|
|
state: present
|
||
|
|
terms_agreed: yes
|
||
|
|
loop:
|
||
|
|
- main
|
||
|
|
- staging
|