24 lines
1,014 B
YAML
24 lines
1,014 B
YAML
---
|
|
|
|
- name: Default certificate is present
|
|
when: evobsd_default_ssl_cert | bool
|
|
block:
|
|
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
|
ansible.builtin.command:
|
|
cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
|
|
args:
|
|
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
|
|
|
- name: Adjust rights on private key
|
|
ansible.builtin.file:
|
|
path: /etc/ssl/private/{{ ansible_fqdn }}.key
|
|
owner: root
|
|
group: ssl-cert
|
|
mode: "0640"
|
|
ignore_errors: '{{ ansible_check_mode }}'
|
|
|
|
- name: Create certificate for default site
|
|
ansible.builtin.command:
|
|
cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
|
args:
|
|
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" |