v1.2

coderme · coderme · commit e73bfcfdbafb · 2018-09-08T15:00:33.000+03:00
diff --git a/README.md b/README.md
@@ -23,6 +23,7 @@ Each host has the following variables available:
 * *account_key*: (str) path where to store letsencrypt account key.
 * *account\_email*: (str) email address to get notifications when any certificate needs renewal.
 * *agreed*: (bool) say 'yes' to letsencrypt TOS.
+* *testing*: (bool) default is 'yes', change to 'no' when you ready for production.
 
 ## Usage
 * Clone this repository, edit 'hosts' or use it as template.
diff --git a/src/host_vars/example.org b/src/host_vars/example.org
@@ -27,6 +27,10 @@ account_email: certs@example.org
 # agreement is REQUIRED to be able to sign your certificate with letsencrpt, change the following to yes if you agreed.
 agreed: no
 
+# set testing to "no" when used on production domains
+testing: yes
+
+
 
 
 
diff --git a/src/install_tls.yaml b/src/install_tls.yaml
@@ -51,7 +51,7 @@
             loop: "{{ crts.results }}"
             when: not item.stat.exists or item.stat.mtime | older_than(days=80)
 
-          - name: generate lets encrypt ssl
+          - name: generate lets encrypt ssl (testing)
             acme_certificate:
                     acme_version: 2
                     account_key: "{{ account_key }}"
@@ -60,11 +60,25 @@
                     chain_dest: "{{ item.invocation.module_args.path | dirname }}/crt.intermediate.new"
                     fullchain_dest: "{{ item.invocation.module_args.path | dirname }}/crt.chained.new"
                     terms_agreed: "{{ agreed | default('no') }}"
-                    acme_directory: https://acme-v02.api.letsencrypt.org/directory
+                    acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
             loop: "{{ crts.results }}"
-            when: not item.stat.exists or item.stat.mtime | older_than(days=80)
+            when: testing and (not item.stat.exists or item.stat.mtime | older_than(days=80))
             register: data
 
+          - name: generate lets encrypt ssl (production)
+            acme_certificate:
+                    acme_version: 2
+                    account_key: "{{ account_key }}"
+                    csr: "{{ item.invocation.module_args.path | dirname }}/csr.new"
+                    dest: "{{ item.invocation.module_args.path | dirname }}/crt.thin.new"
+                    chain_dest: "{{ item.invocation.module_args.path | dirname }}/crt.intermediate.new"
+                    fullchain_dest: "{{ item.invocation.module_args.path | dirname }}/crt.chained.new"
+                    terms_agreed: "{{ agreed | default('no') }}"
+                    acme_directory: https://acme-v02.api.letsencrypt.org/directory
+            loop: "{{ crts.results }}"
+            when: not testing and (not item.stat.exists or item.stat.mtime | older_than(days=80))
+            register: data
+  
           - name: create directories for challanges
             file:
                     path: "/var/www/{{ item.invocation.module_args.fullchain_dest | dirname | basename }}/{{ item | acme_get('resource') | dirname }}"
@@ -82,7 +96,7 @@
             when: item.changed
             loop: "{{ data.results }}"
 
-          - name: ask letsencrypt to validate
+          - name: ask letsencrypt to validate (testing)
             acme_certificate:
                     acme_version: 2
                     account_key: "{{ account_key }}"
@@ -93,9 +107,25 @@
                     terms_agreed: "{{ agreed | default('no') }}"
                     acme_directory: https://acme-v02.api.letsencrypt.org/directory
                     data: "{{ item }}"
-            when: item.changed
+            when: testing and item.changed
             loop: "{{ data.results }}"
 
+
+          - name: ask letsencrypt to validate (production)
+            acme_certificate:
+                    acme_version: 2
+                    account_key: "{{ account_key }}"
+                    csr: "{{ item.invocation.module_args.dest | dirname }}/csr.new"
+                    dest: "{{ item.invocation.module_args.dest }}"
+                    chain_dest: "{{ item.invocation.module_args.chain_dest }}"
+                    fullchain_dest: "{{ item.invocation.module_args.fullchain_dest}}"
+                    terms_agreed: "{{ agreed | default('no') }}"
+                    acme_directory: https://acme-v02.api.letsencrypt.org/directory
+                    data: "{{ item }}"
+            when: not testing and item.changed
+            loop: "{{ data.results }}"
+
+
           - name: rename crt.chained.new -> crt.chained
             copy:
                     force: yes
