Oh my! Thank you!!!
It appears that the first example in the docs has this error:
https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html#acme-certificate-module
So with that solved, I'm left with the problem where challenge_data is
empty even if I specify remaining_days: 91. I also tried adding force: yes
or force: true.
In the object created by the acme_challenge task, I see that cert_days is 89.
It works if I delete the /etc/letsencrypt directory, which includes the
account key, certs, csr, etc (so basically we're starting over from
scratch).
I only really care if it works when it gets to under 30 days. This is just
for testing.
Here is my play from the top all the way down to the first run of
acme_certificate:
---
- hosts: fms
  become: true
  tasks:
    - name: "Create required directories in /etc/letsencrypt"
      file:
        path: "/etc/letsencrypt/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: u=rwx,g=x,o=x
      with_items:
        - account
        - certs
        - csrs
        - keys
    - name: "Generate a Let's Encrypt account key"
      shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"
    - name: "Generate Let's Encrypt private key"
      shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ inventory_hostname }}.key"
    - name: "Generate Let's Encrypt CSR"
      shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ inventory_hostname }}.key -subj \"/CN={{ inventory_hostname }}\" | sudo tee /etc/letsencrypt/csrs/{{ inventory_hostname }}.csr"
      args:
        executable: /bin/bash
    - name: "Begin Let's Encrypt challenges"
      acme_certificate:
        acme_directory: "{{ acme_directory }}"
        acme_version: "{{ acme_version }}"
        account_key_src: "{{ letsencrypt_account_key }}"
        account_email: "{{ acme_email }}"
        terms_agreed: 1
        challenge: "{{ acme_challenge_type }}"
        csr: "{{ letsencrypt_csrs_dir }}/{{ inventory_hostname }}.csr"
        dest: "{{ letsencrypt_certs_dir }}/{{ inventory_hostname }}.crt"
        fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ inventory_hostname }}.crt"
        remaining_days: 91
        force: yes
      register: acme_challenge_mydomain

On Tuesday, January 18, 2022 at 1:57:03 p.m. UTC-5 Felix Fontein wrote:
> Hi,
>
> > But right after that, I have the exact same statement in when:
> >
> > - name: "Implement http-01 challenge files"
> > copy:
> > content: "{{ acme_challenge_mydomain['challenge_data'][inventory_hostname]['http-01']['resource_value'] }}"
> > dest: "/opt/FileMaker/FileMaker Server/HTTPServer/htdocs/{{ acme_challenge_mydomain['challenge_data'][inventory_hostname]['http-01']['resource'] }}"
> > owner: root
> > group: root
> > mode: u=rw,g=r,o=r
> > when: *acme_challenge_mydomain is changed and inventory_hostname in
> > acme_challenge_mydomain['challenge_data']*
> >
> > ...but this task is still returning this error:
>
> Unfortunately, in the text version of your email, all indentation is
> gone. But in the HTML view online
> (https://groups.google.com/g/ansible-project/c/cKmSS0VhyYo/m/oDCXtZFLAAAJ)
> one can see that `when:` is indented at the wrong level. It is not an
> option to the `copy` module, but belongs on the task level, i.e. the
> same level as `copy:`.
>
> If you remove two spaces before `when:` it should work.
>
> Cheers,
> Felix
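
The task-level `when:` placement described in the quoted reply, written out with indentation intact. This is an added example, not part of the original thread. It reuses the registered variable, play variables and htdocs path from the messages above; the directory-creation task and the final `data:` step are assumptions based on the module's documented two-step usage.

```yaml
# Added example: tasks that would follow "Begin Let's Encrypt challenges"
# inside the play's tasks: list (indent to match when pasting).
- name: "Create the http-01 challenge directory"
  # Assumption: copy does not create missing parent directories for dest.
  file:
    path: "/opt/FileMaker/FileMaker Server/HTTPServer/htdocs/.well-known/acme-challenge"
    state: directory
    owner: root
    group: root
    mode: u=rwx,g=rx,o=rx

- name: "Implement http-01 challenge files"
  copy:
    content: "{{ acme_challenge_mydomain['challenge_data'][inventory_hostname]['http-01']['resource_value'] }}"
    dest: "/opt/FileMaker/FileMaker Server/HTTPServer/htdocs/{{ acme_challenge_mydomain['challenge_data'][inventory_hostname]['http-01']['resource'] }}"
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  # when: is a task keyword, so it lines up with "copy:", not with its options.
  # "is changed" is tested first, so challenge_data is only read when it exists.
  when: acme_challenge_mydomain is changed and inventory_hostname in acme_challenge_mydomain['challenge_data']

- name: "Complete Let's Encrypt challenges"
  acme_certificate:
    acme_directory: "{{ acme_directory }}"
    acme_version: "{{ acme_version }}"
    account_key_src: "{{ letsencrypt_account_key }}"
    account_email: "{{ acme_email }}"
    terms_agreed: 1
    challenge: "{{ acme_challenge_type }}"
    csr: "{{ letsencrypt_csrs_dir }}/{{ inventory_hostname }}.csr"
    dest: "{{ letsencrypt_certs_dir }}/{{ inventory_hostname }}.crt"
    fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ inventory_hostname }}.crt"
    # Second step: hand the registered result of the first call back to the module.
    data: "{{ acme_challenge_mydomain }}"
  # Skip validation when the first call reported no change.
  when: acme_challenge_mydomain is changed
```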