f27c170d01
This isn't a service, it's a meta thing that we run for different hosts at different times. Change-Id: Ib65665c98afb3ddb94b15346931be88a4b1757d8
23 lines
658 B
YAML
23 lines
658 B
YAML
# This needs to happen in order. letsencrypt hosts export their TXT
|
|
# authentication records which is installed onto adns1, and then the
|
|
# hosts verify to issue/renew keys
|
|
- hosts: "certcheck:!disabled"
|
|
roles:
|
|
- install-certcheck
|
|
- hosts: "letsencrypt:!disabled"
|
|
name: "Deploy and renew certificates"
|
|
roles:
|
|
- letsencrypt-acme-sh-install
|
|
- letsencrypt-request-certs
|
|
- hosts: "adns:!disabled"
|
|
name: "Install txt records"
|
|
roles:
|
|
- letsencrypt-install-txt-record
|
|
- hosts: "letsencrypt:!disabled"
|
|
name: "Create certs"
|
|
roles:
|
|
- letsencrypt-create-certs
|
|
- hosts: "certcheck:!disabled"
|
|
roles:
|
|
- letsencrypt-config-certcheck
|