system-config/playbooks/letsencrypt.yaml


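---
# Issue and renew Let's Encrypt certificates.
#
# The plays below must run in this order: the letsencrypt hosts export
# their TXT authentication records, those records are installed onto
# adns1, and only then do the hosts verify and issue/renew their keys.
#
# Every host pattern ends in ":!disabled", so any host in the "disabled"
# group is excluded from all of these plays.
#
# NOTE(review): validation rests on the TXT records published by the
# adns hosts, so the ability to write records there is presumably as
# sensitive as the certificate keys themselves -- confirm that access
# to it is restricted accordingly.

- hosts: "certcheck:!disabled"
  name: "Install certcheck"
  roles:
    - install-certcheck

# Step 1: install the ACME client and request certificates; per the
# header, this is where the TXT authentication records are produced.
- hosts: "letsencrypt:!disabled"
  name: "Deploy and renew certificates"
  roles:
    - letsencrypt-acme-sh-install
    - letsencrypt-request-certs

# Step 2: publish the TXT records collected in step 1.
# NOTE(review): if this pattern matches no hosts (for example adns1 is
# in "disabled"), Ansible skips the play and carries on, so "Create
# certs" would run against missing or stale records -- confirm the
# letsencrypt-create-certs role fails safely in that case.
- hosts: "adns:!disabled"
  name: "Install txt records"
  roles:
    - letsencrypt-install-txt-record

# Step 3: same host group as step 1; runs only after the TXT records
# are in place so that verification can succeed.
- hosts: "letsencrypt:!disabled"
  name: "Create certs"
  roles:
    - letsencrypt-create-certs

# Runs last, after certificates have been created.
# presumably registers the issued certificates with the expiry checker
# -- verify against the letsencrypt-config-certcheck role.
- hosts: "certcheck:!disabled"
  name: "Configure certcheck"
  roles:
    - letsencrypt-config-certcheck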