aboutsummaryrefslogtreecommitdiffstats
path: root/roles/acme/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/acme/tasks')
-rw-r--r--roles/acme/tasks/main.yml19
1 files changed, 10 insertions, 9 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
index f2d4ba3..c068ab5 100644
--- a/roles/acme/tasks/main.yml
+++ b/roles/acme/tasks/main.yml
@@ -8,23 +8,24 @@
group: 0
mode: "0644"
-- name: retrieve enabled domains # noqa: no-changed-when
+- name: retrieve enabled domains
ansible.builtin.shell: |
set -o pipefail
grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
- register: subdomains
+ register: acme_result_subdomains
+ changed_when: false
-- name: generate acme certificates # noqa: no-changed-when
+- name: generate acme certificates
ansible.builtin.command: acme-client -v {{ item }}
- loop: "{{ subdomains.stdout_lines }}"
+ loop: "{{ acme_result_subdomains.stdout_lines }}"
register: acme_result_generation
- failed_when:
- - acme_result_generation.rc != 0
- - "'certificate valid' not in acme_result_generation.stderr"
+ failed_when: acme_result_generation.rc == 1
+ changed_when: acme_result_generation.rc != 2
- name: display registered certificates
ansible.builtin.debug:
- msg: "{{ acme_result_generation.results | map(attribute='stderr') }}"
+ msg: "{{ acme_result_generation.results | map(attribute='stderr')
+ | join('\n') }}"
- name: enable automatic acme certificates update
ansible.builtin.cron:
@@ -32,4 +33,4 @@
minute: 0
hour: 6,18
job: "acme-client -v {{ item }} && rcctl reload relayd"
- loop: "{{ subdomains.stdout_lines }}"
+ loop: "{{ acme_result_subdomains.stdout_lines }}"
remember that computers suck.