-rw-r--r-- | roles/acme/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/acme/templates/acme-client.conf.j2 | 12 |
2 files changed, 20 insertions, 2 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index 4d0f67f..ff644a4 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -18,8 +18,13 @@
 group: "{{ group_root }}"
 mode: 0644
+- name: retrieve enabled domains
+ shell: grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
+ register: subdomains
+
 - name: generate acme certificates
- shell: acme-client -v {{ global.domain_name }}
+ shell: acme-client -v {{ item }}
+ loop: "{{ subdomains.stdout_lines }}"
 register: result
 failed_when: result.rc not in [ 0, 2 ]
@@ -32,4 +37,5 @@
 name: "automatic acme certificates update"
 minute: "0"
 hour: "6,18"
- job: "acme-client -v {{ global.domain_name }}"
+ job: "acme-client -v {{ item }}"
+ loop: "{{ subdomains.stdout_lines }}"
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index 3ff6971..0b9ea6c 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -14,3 +14,15 @@ domain {{ global.domain_name }} {
 domain full chain certificate "/etc/ssl/{{ global.domain_name }}.fullchain.pem"
 sign with letsencrypt
 }
+
+{% for h in groups["servers"] %}
+{% set h = dict(hostvars[h]) %}
+{% for service in h.services if service.domain is defined %}
+domain {{ service.domain }}.{{ global.domain_name }} {
+ domain key "/etc/ssl/private/{{ service.domain }}.{{ global.domain_name }}.key"
+ domain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.crt"
+ domain full chain certificate "/etc/ssl/{{ service.domain }}.{{ global.domain_name }}.fullchain.pem"
+ sign with letsencrypt
+}
+{% endfor %}
+{% endfor %} |
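Review bot: The new `retrieve enabled domains` task cannot fail in a useful way: its return code is that of `cut`, so a missing or unmatched /etc/acme-client.conf yields an empty `subdomains.stdout_lines`, `generate acme certificates` loops zero times, and the play reports success with no certificate issued. Adding `failed_when: subdomains.stdout_lines | length == 0` and `changed_when: false` to that task would surface the condition and stop it from reporting a change on every run. Separately, `item` is text read back from a file and is placed unquoted on a shell line; `shell: acme-client -v {{ item | quote }}` keeps it a single argument.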
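Review bot: The looped cron entry in the second hunk keeps the constant `name: "automatic acme certificates update"`, and the cron module identifies an entry by that name, so each iteration rewrites the same crontab line and only the last domain in `subdomains.stdout_lines` stays scheduled for renewal. Certificates for the other domains would then expire unrenewed. A per-item name fixes it: `name: "automatic acme certificates update {{ item }}"`. The task's opening lines are above the hunk, and hosts that were already provisioned would keep the old unsuffixed entry unless it is removed with `state: absent`.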
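Review bot: `service.domain` is written unchecked into both the acme-client grammar and the key path `/etc/ssl/private/{{ service.domain }}.{{ global.domain_name }}.key`, so a value containing whitespace, `/` or a brace would change the block structure or where the private key is written. Restricting it to a DNS label closes that, either in the loop filter (`if service.domain is defined and service.domain is match('^[a-z0-9-]+$')`) or with an `assert` task ahead of the template. The loop also reads `h.services` for every host in `groups["servers"]`; a host without that variable would probably abort the render, which `h.services | default([])` avoids. Two hosts declaring the same `service.domain` would emit duplicate `domain` blocks.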