Ansible renew letsencrypt Apache certificates
certbot installs its own cron job or systemd timer and can renew on its own, but you may prefer to trigger renewals centrally from Ansible so that every web host is handled at a known time and failures show up in one place. Create a host group certbot_apache and run the playbook below daily. The play uses a flag file to find out whether certbot actually did anything: the post-hook touches the file, and Apache is restarted only when the file exists. Keep that file on a root-only path such as /run rather than in world-writable /tmp: any local user could pre-create a predictable /tmp path (which makes the renew task skip because of creates:) or replace it with a symlink that touch would follow.
---
- hosts: certbot_apache
  vars:
    # Root-only location; a predictable flag in /tmp can be pre-created or
    # symlinked by any local user.
    statefile: /run/certbot_didrenew
  tasks:
    - name: Cleanup state flag file first
      command: "rm {{ statefile }}"
      args:
        removes: "{{ statefile }}"
    - name: Renew existing certificates (post-hook marks that a renewal was attempted)
      command: "certbot renew --apache --post-hook 'touch {{ statefile }}'"
      args:
        creates: "{{ statefile }}"
    - name: Restart Apache, if flag file found
      command: "systemctl restart apache2.service"
      args:
        removes: "{{ statefile }}"
    - name: Cleanup state flag file at last
      command: "rm {{ statefile }}"
      args:
        removes: "{{ statefile }}"
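Two caveats on the playbook above. certbot runs --post-hook once per invocation whenever at least one certificate was due, including when the renewal attempt failed, so the flag only says "an attempt was made"; --deploy-hook runs once per certificate that was actually issued. And a reload is enough for Apache to pick up new key material, so a full restart is not needed. The following variant is an added example written for this page, not the original playbook above: it uses --deploy-hook so the flag means a certificate really was deployed, manages the flag with the file module instead of rm, reloads Apache through a handler, and finishes by checking with openssl x509 -checkend that every live certificate is still valid for at least 30 days, so a silently failed renewal fails the play. It assumes root privileges via become, the host group certbot_apache, the standard /etc/letsencrypt/live layout, and a hypothetical per-host list variable certbot_domains (for example certbot_domains: ["www.example.org"]).

```yaml
---
# Added example, not the page's playbook. Assumes: group certbot_apache,
# root via become, /etc/letsencrypt/live/<domain>/cert.pem, and a
# hypothetical list variable certbot_domains with the certificate names.
- hosts: certbot_apache
  become: true
  vars:
    statefile: /run/certbot_deployed      # root-only, cleared at boot
    min_validity_seconds: 2592000         # 30 days
  tasks:
    - name: Remove a stale state flag from an earlier run
      ansible.builtin.file:
        path: "{{ statefile }}"
        state: absent

    - name: Renew due certificates; the deploy hook marks a real deployment
      ansible.builtin.command:
        argv:
          - certbot
          - renew
          - --apache
          - --deploy-hook
          - "touch {{ statefile }}"
      register: renew
      changed_when: false   # the flag, not certbot's output, decides "changed"

    - name: Detect whether a certificate was deployed and notify the handler
      ansible.builtin.stat:
        path: "{{ statefile }}"
      register: flag
      changed_when: flag.stat.exists
      notify: reload apache

    - name: Verify each live certificate is valid for at least 30 more days
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - -in
          - "/etc/letsencrypt/live/{{ item }}/cert.pem"
          - -noout
          - -checkend
          - "{{ min_validity_seconds }}"
      loop: "{{ certbot_domains }}"
      changed_when: false
      # openssl exits non-zero if the certificate expires inside the window,
      # so a renewal that silently did not happen fails the play here.

    - name: Remove the state flag
      ansible.builtin.file:
        path: "{{ statefile }}"
        state: absent

  handlers:
    - name: reload apache
      ansible.builtin.systemd:
        name: apache2
        state: reloaded
```

The expiry check is the part worth keeping even if you stay with the simpler playbook: it turns "certbot returned zero" into "the certificate Apache serves is actually fresh", which is what you want a daily job to assert.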