# create_cert.yml
---
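# Make sure the parent directory for all per-domain certificate folders exists.
# NOTE(review): no owner, group or mode is set, so a newly created directory
# takes them from the connecting user and its umask; pin them explicitly if
# this tree must not be readable by other local users.
- name: Create certs directory if it doesn't exist
  # Fully qualified module name, matching the other tasks in this file.
  ansible.builtin.file:
    path: /etc/nginx/certs/
    state: directory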
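# Per-domain folder; the tasks below place privkey.pem and fullchain.pem in it.
# item.domain is not defined in this file (presumably the loop variable of the
# including task - confirm). It is used as a path component without any
# validation, so it should only come from trusted inventory data.
- name: Create certificate directory for domain if it doesn't exist
  # Fully qualified module name, matching the other tasks in this file.
  ansible.builtin.file:
    path: "/etc/nginx/certs/{{ item.domain }}"
    state: directory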
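# Existence probe for the domain's private key. `[ -f FILE ]` exits 0 when the
# regular file is present and non-zero otherwise; the non-zero exit marks the
# task as failed, and ignore_errors lets the play continue so the next task
# can test `result is failure`.
# NOTE(review): any failure of this probe, not only a missing file, is read
# as "key absent" by the task that consumes `result`.
- name: check if privkey exists
  ansible.builtin.command: '[ -f "/etc/nginx/certs/{{ item.domain }}/privkey.pem" ]'
  register: result
  # Read-only check: without this the command module reports "changed" on
  # every successful run.
  changed_when: false
  ignore_errors: true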
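# Generate the domain's private key, but only when the preceding probe
# (registered as `result`) failed, i.e. no privkey.pem was found.
- name: Create private key (RSA, 4096 bits)
  community.crypto.openssl_privatekey:
    path: "/etc/nginx/certs/{{ item.domain }}/privkey.pem"
    # Key type and size stated explicitly so they match the task name and do
    # not depend on the installed collection's defaults.
    type: RSA
    size: 4096
    # Owner-only access to the key file, pinned here so the permission is
    # visible in the playbook.
    mode: "0600"
    # Safety net: if the probe failed for a reason other than a missing file,
    # an existing key must not be replaced. A missing key is still generated.
    regenerate: never
  when: result is failure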
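# Existence probe for the domain's certificate chain. `[ -f FILE ]` exits 0
# when the regular file is present and non-zero otherwise; the non-zero exit
# marks the task as failed, and ignore_errors lets the play continue so the
# next task can test `result is failure`.
# This overwrites the `result` registered by the earlier private-key probe.
- name: check if certificate exists
  ansible.builtin.command: '[ -f "/etc/nginx/certs/{{ item.domain }}/fullchain.pem" ]'
  register: result
  # Read-only check: without this the command module reports "changed" on
  # every successful run.
  changed_when: false
  ignore_errors: true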
# Write a self-signed certificate for the domain's private key to
# fullchain.pem. Guarded by the preceding probe, so an existing fullchain.pem
# is left untouched.
# No CSR, subject or validity period is passed here, so those come from the
# module's defaults. Clients will not trust a self-signed certificate;
# presumably it is a stand-in until a CA-issued chain is installed - confirm.
- name: Create simple self-signed certificate
  when: result is failure
  community.crypto.x509_certificate:
    provider: selfsigned
    privatekey_path: "/etc/nginx/certs/{{ item.domain }}/privkey.pem"
    path: "/etc/nginx/certs/{{ item.domain }}/fullchain.pem"