Jérémy Lecour
131eac4499
Fix: return if file is not readable
2017-10-24 17:37:46 +02:00
Jérémy Lecour
0e5396faa7
change from CRON to QUIET
2017-10-24 17:37:15 +02:00
Jérémy Lecour
8567160596
evoacme: don't execute hooks with dots in file name
2017-10-20 10:15:12 +02:00
Jérémy Lecour
0ed1ca1356
evoacme: install hooks
2017-10-20 10:14:46 +02:00
Jérémy Lecour
1b50dfb0b3
evoacme: inline hooks calls + export variables
2017-10-19 23:23:51 +02:00
Jérémy Lecour
3d3e45faef
evoacme: use local variable
2017-10-19 23:18:11 +02:00
Jérémy Lecour
4d6853f844
evoacme: use hooks after certificate creation
2017-10-19 22:21:18 +02:00
Jérémy Lecour
1fa4ccc338
make-csr: create important directories
2017-10-19 11:08:35 +02:00
Jérémy Lecour
d2f86f7950
evoacme: check for arguments first
2017-10-19 11:08:16 +02:00
Jérémy Lecour
37cd22a466
evoacme: remove useless variables
2017-10-19 11:08:01 +02:00
Jérémy Lecour
266ac7fc07
evoacme: create important directories
2017-10-19 11:07:45 +02:00
Jérémy Lecour
e47371f347
Use bash, for proper readonly/local support
...
"readonly" is a safety bonus, but "local" is really important
not to overwrite variables from functions.
2017-10-19 11:05:54 +02:00
Jérémy Lecour
4d3ed7ed97
evoacme: remove a debug statement
2017-10-19 07:59:55 +02:00
Gregory Colpart
34365a145c
Typo: rename script
2017-10-19 01:39:08 +02:00
Jérémy Lecour
95e16287c8
Extract hook scripts for Apache and Nginx
2017-10-18 22:48:22 +02:00
Jérémy Lecour
d8960e2afa
simplify CSR generation
2017-10-18 00:44:04 +02:00
Jérémy Lecour
cd8ea40336
readability and whitespaces
2017-10-18 00:43:33 +02:00
Jérémy Lecour
232648a9b0
readlink -> realpath
...
better portability on BSD systems
2017-10-18 00:42:15 +02:00
Jérémy Lecour
beff333a1a
Evoacme: big refactoring
...
* debug messages are sent to stdout
* domains discovery from vhosts is extracted to "vhost-domains"
* fixes suggested by shellcheck
* variables are "local" or "readonly" wherever possible
2017-10-17 14:46:37 +02:00
Jérémy Lecour
1941f9a3f9
evoacme: improve webserver config logic
2017-10-13 17:14:03 +02:00
Jérémy Lecour
2066a79f2e
evoacme: exit after certbot in dry-run mode
2017-10-13 17:13:14 +02:00
Jérémy Lecour
350abe5787
evoacme: invert test logic
2017-10-13 14:05:05 +02:00
Jérémy Lecour
baa5eae784
evoacme: add many tests
2017-10-13 12:46:40 +02:00
Jérémy Lecour
1c5e5e965b
evoacme: fix typo
2017-10-13 12:32:16 +02:00
Jérémy Lecour
06a3965fde
whitespaces
2017-10-13 12:30:34 +02:00
Jérémy Lecour
31a19114e5
evoacme: readability of tests
...
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour
9bccbd9496
evoacme: check for readability, not just presence
2017-10-13 12:28:44 +02:00
Jérémy Lecour
3c283d2bb4
evoacme: execute evoacme in cron mode
2017-10-13 12:09:12 +02:00
Jérémy Lecour
0022071462
evoacme: add tests to fail with proper messages
2017-10-13 12:08:47 +02:00
Jérémy Lecour
e11958d101
evoacme: fix web servers config check
2017-10-13 11:18:37 +02:00
Jérémy Lecour
6d6d0760cd
evoacme: sed cert path after cert creation
2017-10-13 11:18:15 +02:00
Jérémy Lecour
88600039d3
evoacme: daily iterations are not enough
2017-10-13 11:17:32 +02:00
Jérémy Lecour
5e71da94d3
evoacme: fix typo
2017-10-13 11:16:46 +02:00
Jérémy Lecour
bced7561c9
make-csr: extract a few functions
2017-10-13 11:16:21 +02:00
Jérémy Lecour
fb0c22dfd1
evoacme: refactoring for make-csr
...
inspired from recent refactoring of evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour
9fccd7e682
evoacme: improve variables
2017-10-12 18:22:43 +02:00
Jérémy Lecour
65ccc2c0b5
evoacme: use env variables for execution modes
2017-10-12 18:22:06 +02:00
Jérémy Lecour
30434a70d8
evoacme: csr verification is a different function call
2017-10-12 18:20:49 +02:00
Jérémy Lecour
118a9759af
evoacme: change function name to be more specific
2017-10-12 18:19:53 +02:00
Jérémy Lecour
3c61484448
evoacme: don't allow uninitialized variables
2017-10-12 18:19:09 +02:00
Jérémy Lecour
0d0c21f908
Evoacme: refactoring
...
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Victor LABORIE
1c244f556b
evoacme: better apache/nginx reload
2017-10-11 18:50:20 +02:00
Victor LABORIE
2dbdfb6600
evoacme: add error and debug function
2017-10-11 18:50:19 +02:00
Gregory Colpart
30c47fcd50
A lot of improvements: add comments, add tests/tests/tests, add --cron option, drop HAProxy support, modify Apache/Nginx conf only first time
2017-09-21 03:50:24 +02:00
Gregory Colpart
7ea5982611
empty commit, only :retab
2017-09-21 03:48:24 +02:00
Gregory Colpart
81698d03de
by default copy use files/ directory
2017-09-21 03:48:17 +02:00
Gregory Colpart
26d823174f
use {{ evoacme_crt_dir }} var everywhere
2017-09-21 03:48:11 +02:00
Gregory Colpart
a006a604f2
Rename /etc/cron.d/certbot to .disabled as written in https://wiki.evolix.org/HowtoLetsEncrypt
2017-09-21 03:48:05 +02:00
Gregory Colpart
cdf0861821
More clear without include for determining apache/nginx presence
2017-09-21 03:47:57 +02:00
Victor LABORIE
d96e2ea5bf
evoacme: renew certs 30 days before expiration by default
2017-09-18 15:02:20 +02:00
Victor LABORIE
8a139b07b2
evoacme: fix SRV_IP overriding in make-csr
2017-09-13 11:38:38 +02:00
Victor LABORIE
f5fdd71681
evoacme: fix invalid domain printing in make-csr
2017-09-12 15:49:35 +02:00
Victor LABORIE
069e675c6b
evoacme: add basic check to evoacme.sh
2017-09-11 17:05:46 +02:00
Victor LABORIE
ab177c2dad
evoacme: add pem extension to dhparam file
2017-09-11 17:05:46 +02:00
Victor LABORIE
6c399ca60e
evoacme: fix live link path
2017-09-11 17:05:46 +02:00
Victor LABORIE
1fbcb61559
evoacme: fix typo
2017-09-11 17:05:45 +02:00
Victor LABORIE
ff392d8e26
evoacme: fix symlink generation
2017-09-11 17:05:45 +02:00
Victor LABORIE
0726d29796
evoacme: purge same day cert before recreating it
2017-09-11 17:05:45 +02:00
Victor LABORIE
740b60d838
evoacme: make-csr stdout is more verbose
2017-09-11 17:05:45 +02:00
Victor LABORIE
e16eafc1a0
evoacme: complete refactoring of make-csr.sh
2017-09-11 17:05:45 +02:00
Victor LABORIE
05afeea894
evoacme: remove obsolete sudoers file
2017-09-11 17:05:44 +02:00
Victor LABORIE
8d7cbab3a9
evoacme: refactoring of certbot.cron
2017-09-11 17:05:44 +02:00
Victor LABORIE
9deb594834
evoacme: move scripts in /usr/local/sbin
2017-09-11 17:05:44 +02:00
Victor LABORIE
e210de5f53
evoacme: complete refactoring of evoacme.sh
2017-09-11 17:05:44 +02:00
Gregory Colpart
207a2f6011
Improve distribution verification
2017-08-23 01:49:27 +02:00
Gregory Colpart
41329af173
Remove dynamic add of whitelist Squid proxy
2017-08-23 01:26:57 +02:00
Gregory Colpart
2bb7367edf
standardization for Debian versions : we use "jessie" or "9 or later" to prepare buster smoothly as possible
2017-08-18 03:50:30 +02:00
Jérémy Lecour
62fbbd2016
Rename role "apt-repositories" to "apt"
2017-07-19 08:56:46 +02:00
Jérémy Lecour
3a8093fb12
Apache: use "Require"
...
http://httpd.apache.org/docs/2.4/howto/auth.html
2017-07-18 20:13:58 +02:00
Jérémy Lecour
bc99227259
Better squid/squid3 whitelist and reload
2017-07-12 12:17:33 +02:00
Victor LABORIE
08b4b2fa4a
evoacme: change location priority for nginx
2017-07-03 17:37:05 +02:00
Victor LABORIE
f14ee0424e
evoacme: fix certbot verbosity
2017-06-12 14:09:29 +02:00
Victor LABORIE
267f1ffc88
evoacme: refactoring
2017-06-12 13:14:30 +02:00
Daniel Jakots
2eb194577f
use the correct var
2017-06-06 16:36:09 -04:00
Gabriel Periard-Tremblay
87ebadcadd
Kitchen: Change base image to evolix/ansible
2017-06-02 08:38:08 -04:00
Victor LABORIE
41f93bcd5d
evoacme: fix sed for nginx self-signed cert
2017-05-30 15:13:00 +02:00
Jérémy Lecour
404f4445d4
install backports with "tasks_from"
...
When including a specific tasks file, we bypass the "main" tasks of the role and the conditionals.
That way we don't play useless tasks and don't rely on default values.
2017-05-23 15:13:11 +02:00
Jérémy Lecour
d2eeb3ba69
evoacme/tomcat: check if /etc/aliases exists
2017-05-21 23:34:34 +02:00
Jérémy Lecour
1b24815491
whitespaces
2017-05-21 19:32:25 +02:00
Jérémy Lecour
ec1ba752e4
relative paths
2017-05-19 22:31:32 +02:00
Jérémy Lecour
f6cfe41a35
Use command instead of shell where possible
2017-05-19 22:31:17 +02:00
Jérémy Lecour
9fae99f8dc
Minor syntax and whitespaces fixes
2017-05-19 22:29:53 +02:00
Jérémy Lecour
6eb71daead
Let's Encrypt has many subdomains, let's whitelist them all
2017-05-19 21:35:51 +02:00
Jérémy Lecour
6386509d3b
Add Let's Encrypt domains in the squid's whitelist
2017-05-19 19:54:12 +02:00
Jérémy Lecour
2794929c22
Add some kitchen tests for many roles
2017-05-18 15:16:30 +02:00
Jérémy Lecour
d6c6674cdc
evoacme: add a vagrant test playbook
2017-05-16 15:05:43 +02:00
Jérémy Lecour
d4036df165
evoacme: simplify squid whitelist management
2017-05-16 15:04:24 +02:00
Jérémy Lecour
82b2ab1a67
evoacme: relative path to external roles
2017-05-16 15:04:02 +02:00
Jérémy Lecour
f068684a76
evoacme: add squid whitelist for ocsp server
2017-05-16 10:30:17 +02:00
Victor LABORIE
0883102747
evoacme: reinit ssl conf when overwrite csr and key
2017-05-10 11:28:53 +02:00
Victor LABORIE
8aadec03c1
evoacme: support for evoadmin-cluster
2017-05-10 11:05:31 +02:00
Victor LABORIE
3738a189c7
evoacme: always strip .conf suffix
2017-05-10 11:05:31 +02:00
Victor LABORIE
cf216ab96a
evoacme: fix forge link in README
2017-04-27 12:19:54 +02:00
Victor LABORIE
7dba7f5855
Revert "Load Apache proxy module (IfModule added to apache conf)"
...
This reverts commit 07a24c8438.
2017-04-18 12:03:20 +02:00
Victor LABORIE
51763f9d95
evoacme: check apache2 module
2017-04-18 10:54:37 +02:00
Victor LABORIE
acc3f90bae
evoacme: create system user for acme
2017-04-03 15:36:54 +02:00
Romain Dessort
07a24c8438
Load Apache proxy module
2017-03-29 12:08:50 -04:00
Jérémy Lecour
5b2ab0d8d3
Ansible >= 2.2 supported
2017-03-24 14:15:09 +01:00
Jérémy Lecour
af2351486d
evoacme: use apt-repositories role
2017-03-24 14:13:39 +01:00
Jérémy Lecour
294cea44e8
Change mode with leading 0, but still as String
2017-03-23 16:59:43 +01:00