Better handling of letsnecrypt certificate generation, uploading when fails to renew.

2025-08-31 13:35:58 +00:00 · 2021-02-18 16:22:30 -05:00 · 2021-02-18 16:22:30 -05:00 · 237ba1a632
commit 237ba1a632
parent 599d8402b0
1 changed files with 28 additions and 1 deletions
--- a/ansible/roles/letsencrypt/tasks/certbot-dns.yml
+++ b/ansible/roles/letsencrypt/tasks/certbot-dns.yml
@ -41,7 +41,7 @@
      --dns-{{ dns_plugin }} --dns-{{ dns_plugin }}-propagation-seconds 60
      --dns-{{ dns_plugin }}-credentials {{ dnsimple_credentials_path }}
      --server https://acme-v02.api.letsencrypt.org/directory
-  # when: use_dns_plugin|bool
+  when: use_dns_plugin|bool
  tags:
    - certbot-dns

@ -101,5 +101,32 @@
      dest: "{{ssl_certificate}}"
    - src: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem
      dest: "{{ssl_certificate_key}}"
+  ignore_errors: yes
+  register: linked
  tags:
    - certbot-dns
+
+- name: Copy working certificates because letsencrypt failed
+  become: yes
+  copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+  when: not linked
+  with_items:
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.crt
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/fullchain.pem
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.key
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem
+
+- name: Download new certificates to local
+  become: yes
+  fetch:
+    src: '{{ item.dest }}'
+    dest: '{{ item.src }}'
+    flat: yes
+  when: linked
+  with_items:
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.crt
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/fullchain.pem
+    - src: /srv/secrets-newsblur/certificates/newsblur.com.key
+      dest: /etc/letsencrypt/live/{{ domains_list[0] }}/privkey.pem