# Idempotency probe for the certificate tasks that follow: records in `result`
# whether the chain file for this site is already on disk.
# `item` is not defined in this file; presumably it is the loop variable of
# whatever includes these tasks (verify against the caller).
# NOTE(review): only existence is checked, not expiry and not whether the
# certificate still matches the key next to it.
- name: Check if certs have already been generated
  register: result
  stat:
    path: "/etc/ssl/private/{{ item.name }}.chain.crt"
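# Creates key, CSR, self-signed certificate and chain file for one site, but
# only when the preceding stat task found no "<name>.chain.crt".
# Security notes for maintainers:
#   * The guard is existence-only: an expired certificate, or one that no
#     longer matches the key, is never regenerated by this play. Certificate
#     validity is left at the module default; renewal has to happen elsewhere.
#   * A self-signed certificate is not anchored in any CA, so clients cannot
#     validate it unless they pin or trust it explicitly. Presumably a
#     placeholder until a CA-issued certificate is installed (confirm).
#   * item.name is interpolated into file paths and the certificate subject;
#     it must come from trusted inventory, not from user-controlled input.
# Any changed task in the block notifies the "Restart nginx" handler, which is
# expected to be defined elsewhere in the role.
- name: Generate self-signed certificates
  when: not result.stat.exists
  notify: Restart nginx
  block:
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "/etc/ssl/private/{{ item.name }}.key"
        # Pin owner-only permissions explicitly so the key's confidentiality
        # does not depend on a module default or on the remote umask.
        mode: "0600"

    - name: Generate an OpenSSL Certificate Signing Request
      openssl_csr:
        path: "/etc/ssl/private/{{ item.name }}.csr"
        privatekey_path: "/etc/ssl/private/{{ item.name }}.key"
        common_name: "{{ item.name }}"
        # Every name gets the "DNS:" prefix; the list holds the primary name
        # plus all aliases, so the SAN extension covers the CN as well.
        subject_alt_name: "{{ item2.value | map('regex_replace', '^', 'DNS:') | list }}"
      # Single-entry dict loop used only to bind the combined name list to
      # item2.value; loop_var keeps the outer `item` intact.
      # item.alias must be a list (an undefined alias fails the template).
      with_dict:
        dns_names: "{{ [ item.name ] + item.alias }}"
      loop_control:
        loop_var: item2

    - name: Generate a Self Signed OpenSSL certificate
      openssl_certificate:
        path: "/etc/ssl/private/{{ item.name }}.crt"
        privatekey_path: "/etc/ssl/private/{{ item.name }}.key"
        csr_path: "/etc/ssl/private/{{ item.name }}.csr"
        provider: selfsigned

    # With a self-signed certificate there are no intermediates, so the
    # "chain" is a plain copy of the certificate made on the managed host.
    # This file is also what the stat guard looks for, so it is written last.
    - name: Generate fullchain
      copy:
        src: "/etc/ssl/private/{{ item.name }}.crt"
        remote_src: true
        dest: "/etc/ssl/private/{{ item.name }}.chain.crt"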