From 30f144154d77459044a9733654d37c672cb44f10 Mon Sep 17 00:00:00 2001
From: Rostislav Raykov
Date: Thu, 21 Oct 2021 16:54:47 +0200
Subject: [PATCH 1/5] update certbot installation using snap to support running it ot latest Ubuntu
---
 README.md | 2 +-
 tasks/install.yml | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 9e3b3ff..04c94ed 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ for it using Letsencrypt. The certificate is set to be autorenewed every 3 month
 # Requirements
-The role currently supports only Ubuntu
+The role currently supports only Ubuntu 20.04 (using snap to install Certbot)
 # Installation
diff --git a/tasks/install.yml b/tasks/install.yml
index a234e50..8cd8053 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,10 +1,11 @@
-- name: setup certbot apt repo
+- name: install certbot
 become: yes
- apt_repository:
- repo: "ppa:certbot/certbot"
-- name: install nginx and certbot
+ snap:
+ name: certbot
+ classic: yes
+- name: install nginx
 become: yes
 apt:
 force_apt_get: yes
- name: ["nginx", "python-certbot-nginx"]
+ name: ["nginx"]
 update_cache: yes
\ No newline at end of file
From 102111177a123854ba8f1deebd0007ef17c264e5 Mon Sep 17 00:00:00 2001
From: Rostislav Raykov
Date: Thu, 21 Oct 2021 17:49:46 +0200
Subject: [PATCH 2/5] specify mode for site config file
---
 tasks/nginx.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index 58e6aff..5e6689e 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -3,6 +3,7 @@
 template:
 src: templates/nginx.j2
 dest: /etc/nginx/sites-available/{{ https_reverse_proxy_site_name }}
+ mode: '644'
 notify:
 - test nginx configuration
 - name: put reverse proxy site config in enabled
From 5b5ed035036ae269c829c0146c0bd86774eee577 Mon Sep 17 00:00:00 2001
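Review bot: In tasks/install.yml (PATCH 1/5), nothing removes the apt-installed certbot that earlier runs of this role put in place: the hunk drops `python-certbot-nginx` from the apt list and deletes the `apt_repository` task, but an already-provisioned host keeps the old package next to the new snap. Which binary the later `command: certbot …` tasks run as root would then depend on PATH, and both installations may try to renew the same certificates. Certbot's snap instructions ask for OS-package certbot to be removed first, so I would add a removal task ahead of the `snap` task, sketched below. The `snap` task also assumes snapd is already present on the target, which the hunk does not ensure.

```yaml
- name: remove apt-installed certbot
  become: yes
  apt:
    name: ["certbot", "python-certbot-nginx"]
    state: absent
# … unchanged: "install certbot" snap task, "install nginx" apt task …
```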
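Review bot: In tasks/nginx.yml (PATCH 2/5), `mode: '644'` fixes the permission bits but leaves ownership to whichever user the task runs as, and the task's `become` setting lies outside the hunk. nginx loads this file once it is linked into the enabled sites, so I would pin `owner: root` and `group: root` next to the mode so that only root can edit the proxy configuration. I would also write the mode in the four-digit form, `mode: '0644'`; Ansible treats the quoted string as octal either way, so that part is readability only.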
From: Rostislav Raykov
Date: Thu, 21 Oct 2021 17:50:52 +0200
Subject: [PATCH 3/5] don't compare to empty string
---
 tasks/check_vars.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/check_vars.yml b/tasks/check_vars.yml
index 22e2e69..5034c2c 100644
--- a/tasks/check_vars.yml
+++ b/tasks/check_vars.yml
@@ -2,7 +2,7 @@
 - name: check if all required variables are set
 fail:
 msg: "{{ item }} is not defined or empty"
- when: item not in vars or vars[item] == ""
+ when: item not in vars or vars[item]|length > 0
 with_items:
 - https_reverse_proxy_domain_name
 - https_reverse_proxy_site_name
From c7edc290ff702e1711f4f02737d9e55f4529e899 Mon Sep 17 00:00:00 2001
From: Rostislav Raykov
Date: Thu, 21 Oct 2021 17:55:58 +0200
Subject: [PATCH 4/5] add creates arguments to certbot tasks
---
 tasks/certbot.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tasks/certbot.yml b/tasks/certbot.yml
index 57fc96e..c58f386 100644
--- a/tasks/certbot.yml
+++ b/tasks/certbot.yml
@@ -1,6 +1,10 @@
 - name: get a certificate
 become: yes
 command: "certbot --nginx -d {{ https_reverse_proxy_domain_name }} --non-interactive --agree-tos -m {{ https_reverse_proxy_certificate_contact_email }} {{ '--redirect' if https_reverse_proxy_redirect }}"
+ args:
+ creates: '/etc/letsencrypt/live/{{ https_reverse_proxy_domain_name }}/fullchain.pem'
 - name: setup autorenew of certificate
 become: yes
 command: certbot renew
+ args:
+ creates: false
\ No newline at end of file
From 4fcaa27a8e78162d9f254eead37f99fcafe5460b Mon Sep 17 00:00:00 2001
From: Rostislav Raykov
Date: Thu, 21 Oct 2021 18:04:09 +0200
Subject: [PATCH 5/5] oops with fixing the lint in check_vars
---
 tasks/check_vars.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/check_vars.yml b/tasks/check_vars.yml
index 5034c2c..d8b72a8 100644
--- a/tasks/check_vars.yml
+++ b/tasks/check_vars.yml
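Review bot: In tasks/certbot.yml (PATCH 4/5), `creates: false` on the `certbot renew` task passes a boolean where the command module expects a file path. If the aim is to quiet the lint warning about a command that always reports "changed", a `changed_when:` condition on the task says that directly. On the first task, keying `creates` on `fullchain.pem` means a later change to the contact e-mail or to `https_reverse_proxy_redirect` is never applied once a certificate exists; a comment above the task such as `# skipped once a cert exists; re-run certbot by hand to change e-mail or redirect` would record that. Separately, one `certbot renew` at provision time schedules nothing, and the snap package normally ships its own renewal timer, so the name "setup autorenew of certificate" looks misleading and is worth confirming on a target host.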
@@ -2,7 +2,7 @@
 - name: check if all required variables are set
 fail:
 msg: "{{ item }} is not defined or empty"
- when: item not in vars or vars[item]|length > 0
+ when: item not in vars or vars[item] is not defined
 with_items:
 - https_reverse_proxy_domain_name
 - https_reverse_proxy_site_name
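Review bot: The final condition `item not in vars or vars[item] is not defined` no longer rejects empty values, although the message still says "not defined or empty"; the second clause is only evaluated when the key is already in `vars`, so it will rarely if ever be true. PATCH 3/5's intermediate `vars[item]|length > 0` was the inverted test; the lint-clean equivalent of the original `== ""` is `when: item not in vars or vars[item] | length == 0`. This matters because these variables are interpolated into the root-run `certbot --nginx -d {{ https_reverse_proxy_domain_name }} …` command and into `dest: /etc/nginx/sites-available/{{ https_reverse_proxy_site_name }}`. There an empty value shifts the command's arguments or points `dest` at the directory itself. The `with_items` list may continue outside the hunk.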