diff --git a/files/setup-le.sh b/files/setup-le.sh
index 925c1e3..72052e8 100644
--- a/files/setup-le.sh
+++ b/files/setup-le.sh
@@ -21,6 +21,16 @@
 ipa-cacert-manage install "/etc/ssl/$FQDN/x1.pem"
 ipa-cacert-manage install "/etc/ssl/$FQDN/x2.pem"
 ipa-cacert-manage install "/etc/ssl/$FQDN/$issuer.pem"
-systemctl restart httpd
+ipa-certupdate
-ipa-certupdate
\ No newline at end of file
+if ! [[ -L /var/lib/ipa/certs/httpd.crt ]]
+then
+mv /var/lib/ipa/certs/httpd.crt /var/lib/ipa/certs/httpd.crt.bak
+ln -s /etc/letsencrypt/live/$FQDN/cert.pem /var/lib/ipa/certs/httpd.crt
+fi
+
+if ! [[ -L /var/lib/ipa/private/httpd.key ]]
+then
+mv /var/lib/ipa/private/httpd.key /var/lib/ipa/private/httpd.key.bak
+ln -s /etc/letsencrypt/live/$FQDN/privkey.pem /var/lib/ipa/private/httpd.key
+fi
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 2c61477..ae8a3a2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -30,7 +30,7 @@
 ansible.posix.selinux:
 state: disabled
-# create symlink for certs if letsencrypt is set up
+# create letsencrypt setup script if certbot is enabled
 - name: check if letsencrypt is set up
 ansible.builtin.command: '[ -d "/etc/letsencrypt/" ]'
 register: result
@@ -45,22 +45,4 @@
 ansible.builtin.copy:
 src: files/setup-le.sh
 dest: /scripts/setup-le.sh
-when: (result is succeeded) and (result2 is succeeded)
-
-- name: create symlink for certificate
-ansible.builtin.file:
-src: "/etc/letsencrypt/live/{{ansible_fqdn}}/cert.pem"
-dest: /var/lib/ipa/certs/httpd.crt
-state: link
-force: yes
-when: (result is succeeded) and (result2 is succeeded)
-notify: restart httpd
-
-- name: create symlink for private key
-ansible.builtin.file:
-src: "/etc/letsencrypt/live/{{ansible_fqdn}}/privkey.pem"
-dest: /var/lib/ipa/private/httpd.key
-state: link
-force: yes
-when: (result is succeeded) and (result2 is succeeded)
-notify: restart httpd
+when: (result is succeeded) and (result2 is succeeded)
\ No newline at end of file
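Review bot: After the two `ln -s` swaps nothing restarts httpd, so it keeps serving the key and certificate it loaded at start: this hunk drops `systemctl restart httpd`, and the tasks/main.yml hunk at -45 removes the `notify: restart httpd` handlers, so unless `ipa-certupdate` or the caller restarts the service the new files only take effect on the next unrelated restart. If that restart is intentionally left to the caller, a comment after the second `fi` should say so; otherwise append `systemctl restart httpd` there. The `$FQDN` expansions in both `ln -s` lines are unquoted while the `"/etc/ssl/$FQDN/..."` context lines above quote theirs; `ln -s "/etc/letsencrypt/live/$FQDN/cert.pem" /var/lib/ipa/certs/httpd.crt` and the same for `privkey.pem`. The `! [[ -L ... ]]` guards also make the script a no-op when the path is already a symlink to anything else, which deserves a comment on the first `if` if that is intended.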