add lets-encrypt-tiny
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
new file mode 100644 (file)
index 0000000..d838d21
--- /dev/null
@@ -0,0 +1,27 @@
+# dh2048
+- name: create dh2048 file
+  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
+  args:
+    creates: "/etc/ssl/dh2048.pem"
+# lets encrypt tiny
+- name: clone lets-encrypt-tiny
+  git:
+    dest: /var/lib/letsencrypt/lets-encrypt-tiny
+    repo: 'https://git.ralfj.de/lets-encrypt-tiny.git'
+    version: 1b15f25eb3f15859f0e0c8f584dcd423fc24a11c
+- name: obtain certificate
+  command: /var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf init
+  args:
+    creates: "/etc/ssl/mycerts/letsencrypt/live.crt"
+- name: create lets-encrypt-tiny crontab entry
+  cron:
+    name: "lets-encrypt-tiny"
+    hour: "7"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf -k cron"
+- name: create certcheck crontab entry
+  cron:
+    name: "certcheck"
+    hour: "9"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/certcheck /etc/ssl/mycerts/ -d 14"
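Review bot: The `obtain certificate` task and both cron jobs rely on `/var/lib/letsencrypt/live.conf` and on the directories under `/etc/ssl/mycerts/`, but nothing in this new file creates them or sets their owner and mode. Unless another part of the role handles it, `init` fails on a fresh host, and the permissions of the directory that presumably holds the private keys are left to the tool and the umask. A `file:` task with `state: directory`, `owner: root` and `mode: "0700"` for the key directory, placed before `obtain certificate`, would pin that down; the key path itself is configured in live.conf, which is not shown here. The two `cron:` tasks also omit `user:`, so the jobs land in the crontab of whatever account the play runs as. Adding `user: root` (or a dedicated account) makes that explicit, and the pinned checkout should be writable only by that account, since cron executes it unattended.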