# The openssl_* modules used by the later tasks run on the managed host and
# need a Python crypto backend there; this task provides it from the distro
# package archive.
- name: Install dependencies
  apt:
    name:
      - python3-cryptography
    state: present
# Look for the final artefact (the chain file) only. The registered `result`
# is what the generation block tests, so an existing chain file means the key
# and certificate are left alone on later runs.
- name: Check if certs have already been generated
  register: result
  stat:
    path: "/etc/ssl/private/{{ cert.name }}.chain.crt"
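# Creates key, CSR, self-signed certificate and chain file for one `cert`
# entry (`cert.name`, optional list `cert.alias`). Runs only when the chain
# file is absent; `result` comes from the stat task on the chain file.
#
# NOTE(review): `cert.name` is interpolated into every path below. It is
# presumably operator-supplied inventory data; confirm it can never carry
# path separators from a less trusted source.
- name: Generate self-signed certificates
  when: not result.stat.exists
  block:
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "/etc/ssl/private/{{ cert.name }}.key"
        # State the owner-only permission explicitly instead of depending on
        # the module default or the remote umask.
        mode: "0600"

    - name: Generate an OpenSSL Certificate Signing Request
      vars:
        # Primary name first, then the aliases. A cert entry without `alias`
        # is accepted and simply gets one SAN.
        dns_names: "{{ [cert.name] + (cert.alias | default([])) }}"
      openssl_csr:
        path: "/etc/ssl/private/{{ cert.name }}.csr"
        privatekey_path: "/etc/ssl/private/{{ cert.name }}.key"
        common_name: "{{ cert.name }}"
        # Each name becomes a `DNS:` subjectAltName entry.
        subject_alt_name: "{{ dns_names | map('regex_replace', '^', 'DNS:') | list }}"

    # Self-signed: no CA vouches for this certificate, so clients have to be
    # given it as an explicit trust anchor. Validity period and digest are
    # left at the module defaults; check them against local policy.
    - name: Generate a Self Signed OpenSSL certificate
      openssl_certificate:
        path: "/etc/ssl/private/{{ cert.name }}.crt"
        privatekey_path: "/etc/ssl/private/{{ cert.name }}.key"
        csr_path: "/etc/ssl/private/{{ cert.name }}.csr"
        provider: selfsigned

    # With a self-signed certificate the "chain" is the certificate itself;
    # the copy exists so consumers can use the same file name as for a
    # CA-issued chain.
    - name: Generate fullchain
      copy:
        src: "/etc/ssl/private/{{ cert.name }}.crt"
        remote_src: true
        dest: "/etc/ssl/private/{{ cert.name }}.chain.crt"
        # Public material; set the mode explicitly rather than inheriting
        # whatever the umask yields.
        mode: "0644"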