From 4fba1b2d6dbbc5904c03b8354b5ea0207fa4dcaf Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Fri, 15 Nov 2024 11:25:50 +0100
Subject: [PATCH] nginx: support certificates for multiple domains

Uses `tls_domains` config context property from NetBox.
---
 roles/nginx/README.md | 3 +++
 roles/nginx/tasks/main.yml | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 roles/nginx/README.md

diff --git a/roles/nginx/README.md b/roles/nginx/README.md
new file mode 100644
index 0000000..a5696ee
--- /dev/null
+++ b/roles/nginx/README.md
@@ -0,0 +1,3 @@
+Install nginx, set up generic HTTPS redirects and the .well-known directory.
+
+Also acquire Let’s Encrypt certificates for domains listed in the `tls_domains` context property (or just for the primary IP `dns_domain` if `tls_domains` is not set).
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 2fb8a50..b3caf31 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -26,8 +26,8 @@
 - name: Get LE certificate
 command:
- cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
- creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
+ cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ tls_domains|default([dns_name])|join(',') }}
+ creates: '/etc/letsencrypt/renewal/{{ tls_domains|default([dns_name])|first }}.conf'
 - name: Install certificate renewal deployment hook
 copy:
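Review bot: The new `creates:` guard in "Get LE certificate" checks only the renewal file of the first entry, so once that file exists the task is skipped and a domain added to `tls_domains` later never gets onto the certificate; the host would then serve a certificate that does not cover the new name. Reordering the list changes the guard path as well, and certbot would presumably start a second lineage named after the new first domain. Consider pinning the lineage with `--cert-name` set to a stable value and guarding on the whole domain set rather than on `|first`. Separately, `default([dns_name])` applies only when `tls_domains` is undefined, so an empty list from NetBox renders a bare `-d` and leaves `|first` with nothing to return; `default([dns_name], true)` covers that case. The new README also names the fallback `dns_domain`, while this task uses `dns_name`.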