--- - block: - name: Copy systemd service to renew Let's Encrypt certs template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root - name: Copy systemd timer to renew Let's Encrypt certs copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root # always issues daemon-reload just in case the server/timer changed - name: Start and enable systemd timer to renew Let's Encrypt certs systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes - name: Download certbot get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700 # Dependencies certbot checks for on its first run. I set them in a fact so that # I can pass the list directly to the apt module to install in one transaction. - name: Set certbot dependencies (Debian 10) when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('10', '==') set_fact: certbot_dependencies: - augeas-lenses - binutils - binutils-common - binutils-x86-64-linux-gnu - cpp - cpp-8 - gcc - gcc-8 - libasan5 - libatomic1 - libaugeas0 - libbinutils - libc-dev-bin - libc6-dev - libcc1-0 - libexpat1-dev - libffi-dev - libgcc-8-dev - libgomp1 - libisl19 - libitm1 - liblsan0 - libmpc3 - libmpfr6 - libmpx2 - libpython-dev - libpython2-dev - libpython2.7 - libpython2.7-dev - libquadmath0 - libssl-dev - libtsan0 - libubsan1 - linux-libc-dev - python-dev - python-pip-whl - python-pkg-resources - python-virtualenv - python2-dev - python2.7-dev - python3-distutils - python3-lib2to3 - python3-virtualenv - virtualenv # Dependencies certbot checks for on its first run. I set them in a fact so that # I can pass the list directly to the apt module to install in one transaction. - name: Set certbot dependencies (Debian 9) when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', '==') set_fact: certbot_dependencies: - augeas-doc - augeas-tools - autoconf - automake - binutils - bison - cpp - cpp-6 - flex - gcc-6 - gcc-doc - gcc-multilib - gdb - libasan3 - libatomic1 - libc-dev-bin - libc6-dev - libcc1-0 - libcilkrts5 - libexpat1-dev - libffi-dev - libgcc-6-dev - libgomp1 - libisl15 - libitm1 - liblsan0 - libmpc3 - libmpx2 - libpython-dev - libpython2.7 - libpython2.7-dev - libquadmath0 - libssl-dev - libtool - libtsan0 - libubsan0 - linux-libc-dev - make - python-dev - python-pip-whl - python-pkg-resources - python-virtualenv - python2.7-dev - python3-virtualenv - virtualenv # Dependencies certbot checks for on its first run. I set them in a fact so that # I can pass the list directly to the apt module to install in one transaction. - name: Set certbot dependencies (Ubuntu 16.04) when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('16.04', '==') set_fact: certbot_dependencies: - augeas-doc - augeas-tools - binutils - cpp - cpp-5 - dialog - gcc - gcc-5 - libasan2 - libatomic1 - libcc1-0 - libcilkrts5 - libexpat1-dev - libffi-dev - libgcc-5-dev - libgomp1 - libisl15 - libitm1 - liblsan0 - libmpc3 - libmpx0 - libpython-dev - libpython2.7 - libpython2.7-dev - libquadmath0 - libssl-dev - libtsan0 - libubsan0 - python-dev - python-pip-whl - python-pkg-resources - python-virtualenv - python2.7-dev - python3-virtualenv - virtualenv - zlib1g-dev # Dependencies certbot checks for on its first run. I set them in a fact so that # I can pass the list directly to the apt module to install in one transaction. - name: Set certbot dependencies (Ubuntu 18.04) when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('18.04', '==') set_fact: certbot_dependencies: - augeas-lenses - binutils - binutils-common - binutils-x86-64-linux-gnu - cpp - cpp-7 - gcc - gcc-7 - gcc-7-base - libasan4 - libatomic1 - libaugeas0 - libbinutils - libc-dev-bin - libc6-dev - libcc1-0 - libcilkrts5 - libexpat1-dev - libffi-dev - libgcc-7-dev - libgomp1 - libisl19 - libitm1 - liblsan0 - libmpc3 - libmpx2 - libpython-dev - libpython2.7 - libpython2.7-dev - libquadmath0 - libssl-dev - libtsan0 - libubsan0 - linux-libc-dev - python-dev - python-pip-whl - python-pkg-resources - python-virtualenv - python2.7-dev - python3-virtualenv - virtualenv - name: Install certbot dependencies apt: name={{ certbot_dependencies }} state=present update_cache=yes when: ansible_distribution != 'Ubuntu' and ansible_distribution_major_version is version('20.04', '!=') tags: letsencrypt # On Ubuntu 20.04 it is no longer recommended/supported to use the standalone # certbot-auto so I guess we need to use the one from the repositories. - block: - name: Install certbot (Ubuntu 20.04) apt: name=certbot state=present update_cache=yes - name: Copy certbot post and pre hooks for nginx copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0755 with_items: - { src: 'stop-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/post/stop-nginx.sh' } - { src: 'start-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/post/start-nginx.sh' } when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==') tags: letsencrypt # vim: set ts=2 sw=2: