dedd3a409f
Ensure the certificate material is not world-readable. Create a letsencrypt group, and have the certificate material owned by root but group-readable. Change-Id: I49a6a8520aca27e70b3e48d0fcc874daf1c4ff24
37 lines
710 B
YAML
- name: Install acme.sh client
|
|
git:
|
|
repo: https://github.com/Neilpang/acme.sh
|
|
dest: /opt/acme.sh
|
|
version: dev
|
|
|
|
- name: Install letsencrypt group
|
|
group:
|
|
name: letsencrypt
|
|
state: present
|
|
|
|
- name: Install driver script
|
|
copy:
|
|
src: driver.sh
|
|
dest: /opt/acme.sh/driver.sh
|
|
mode: 0755
|
|
|
|
- name: Setup log directory
|
|
file:
|
|
path: /var/log/acme.sh
|
|
state: directory
|
|
mode: 0755
|
|
|
|
- name: Setup log rotation
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: /var/log/acme.sh/acme.sh.log
|
|
|
|
- name: Setup top level cert directory
|
|
file:
|
|
path: /etc/letsencrypt-certs
|
|
state: directory
|
|
owner: root
|
|
group: letsencrypt
|
|
mode: u=rwx,g=rx,o=,g+s
|
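Review bot: The final `file` task sets `o=` and setgid on `/etc/letsencrypt-certs` itself but has no `recurse`, so anything already under it keeps whatever mode it had, and files created there later only inherit the `letsencrypt` group from the setgid bit — their mode follows the creator's umask (commonly world-readable) unless driver.sh, which is not shown on this page, chmods them. The `o=` on the directory does stop other users from traversing to the files, but it is then the only thing protecting the private keys; a later relaxation of the directory mode or a copy of the files elsewhere would expose them, so having the install step set an explicit `0640` or `0600` on key files would make the material itself non-world-readable as the commit message states. Separately, the `git` task at the top clones `Neilpang/acme.sh` at `version: dev`, an unpinned moving branch, so each run fetches and later executes whatever upstream currently has, presumably as root given the root-owned layout; pin `version:` to a release tag or full commit SHA (and consider `update: false`) so the code that handles ACME account and certificate keys is reproducible and reviewable.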