Diffstat (limited to 'roles/acme/templates')
-rw-r--r--roles/acme/templates/acme-client.conf.j227
1 files changed, 10 insertions, 17 deletions
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
index 583c3d5..a6516c6 100644
--- a/roles/acme/templates/acme-client.conf.j2
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -1,26 +1,19 @@
# managed by Ansible
{% import 'macros.j2' as macros with context %}
-authority letsencrypt {
- api url "https://acme-v02.api.letsencrypt.org/directory"
- account key "/etc/acme/letsencrypt-privkey.pem"
+authority {{ acme_authority.name }} {
+ api url "{{ acme_authority.url }}"
+ account key "{{ acme_authority.key }}"
}
-domain {{ acme_domain_name }} {
- alternative names { www.{{ acme_domain_name }} }
- domain key "/etc/ssl/private/{{ acme_domain_name }}.key"
- domain full chain certificate "/etc/ssl/{{ acme_domain_name }}.crt"
- sign with letsencrypt
-}
+{% call(h) macros.loop_valid_hosts(relayd_connected_hosts) -%}
+{% for rule in h.acme_rules %}
-{% call(h) macros.loop_valid_hosts("servers") -%}
-{% for name, rules in h.acme_rules.items() if rules.domain is defined %}
-domain {{ rules.domain }}.{{ acme_domain_name }} {
- {% set domain = rules.domain ~ "." ~ acme_domain_name %}
- alternative names { www.{{ domain }} }
- domain key "/etc/ssl/private/{{ domain }}.key"
- domain full chain certificate "/etc/ssl/{{ domain }}.crt"
- sign with letsencrypt
+domain {{ rule.domain }} {
+ alternative names { www.{{ rule.domain }} }
+ domain key "{{ acme_keys_dir }}/{{ rule.domain }}.key"
+ domain full chain certificate "{{ acme_certificates_dir }}/{{ rule.domain }}.crt"
+ sign with {{ acme_authority.name }}
}
{% endfor %}
{%- endcall %}
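Review bot: The new loop `{% for rule in h.acme_rules %}` drops the `if rules.domain is defined` filter the old loop had, so a rule without a `domain` now either aborts templating or, if undefined values are allowed to render empty, emits a `domain  {` stanza whose key and certificate paths end in `/.key` and `/.crt`. Keeping the guard, `{% for rule in h.acme_rules if rule.domain is defined %}`, preserves the old behaviour. The account key and domain key paths are also now built from `acme_authority.key` and `acme_keys_dir` instead of the fixed locations under `/etc/acme` and `/etc/ssl/private`; nothing in this hunk shows that the role creates those directories root-only, so that is worth confirming where the variables are defined. Because `rule.domain` is interpolated into both the `domain` stanza and the file paths, a check that it is a plain hostname (no `/`, quotes or whitespace) would keep a bad inventory value from placing private keys outside `acme_keys_dir`.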