ansible/test/integration/targets/acme_certificate/tasks/impl.yml

---
## SET UP ACCOUNT KEYS ########################################################################
- name: Create ECC256 account key
  command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem
- name: Create ECC384 account key
  command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem
- name: Create RSA-2048 account key
  command: openssl genrsa -out {{ output_dir }}/account-rsa2048.pem 2048
## SET UP ACCOUNTS ############################################################################
- name: Make sure ECC256 account hasn't been created yet
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_key_src: "{{ output_dir }}/account-ec256.pem"
    state: absent
- name: Create ECC384 account
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}"
    state: present
    allow_creation: yes
    terms_agreed: yes
    contact:
    - mailto:example@example.org
    - mailto:example@example.com
- name: Create RSA-2048 account
  acme_account:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_key_src: "{{ output_dir }}/account-rsa2048.pem"
    state: present
    allow_creation: yes
    terms_agreed: yes
    contact: []
## OBTAIN CERTIFICATES ########################################################################
- name: Obtain cert 1
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 1
    certificate_name: cert-1
    key_type: rsa
    rsa_bits: 2048
    subject_alt_name: "DNS:example.com"
    subject_alt_name_critical: no
    account_key: account-ec256
    challenge: http-01
    modify_account: yes
    deactivate_authzs: no
    force: no
    remaining_days: 10
    terms_agreed: yes
    account_email: "example@example.org"
- name: Obtain cert 2
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 2
    certificate_name: cert-2
    key_type: ec256
    subject_alt_name: "DNS:*.example.com,DNS:example.com"
    subject_alt_name_critical: yes
    account_key: account-ec384
    challenge: dns-01
    modify_account: no
    deactivate_authzs: yes
    force: no
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- name: Obtain cert 3
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 3
    certificate_name: cert-3
    key_type: ec384
    subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"
    subject_alt_name_critical: no
    account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}"
    challenge: dns-01
    modify_account: no
    deactivate_authzs: no
    force: no
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- name: Obtain cert 4
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 4
    certificate_name: cert-4
    key_type: rsa
    rsa_bits: 2048
    subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"
    subject_alt_name_critical: no
    account_key: account-rsa2048
    challenge: http-01
    modify_account: no
    deactivate_authzs: yes
    force: yes
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- name: Obtain cert 5
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 1/4
    certificate_name: cert-5
    key_type: ec521
    subject_alt_name: "DNS:t2.example.com"
    subject_alt_name_critical: no
    account_key: account-ec384
    challenge: http-01
    modify_account: no
    deactivate_authzs: yes
    force: yes
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- name: Obtain cert 5 (should not, since already there and valid for more than 10 days)
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 2/4
    certificate_name: cert-5
    key_type: ec521
    subject_alt_name: "DNS:t2.example.com"
    subject_alt_name_critical: no
    account_key: account-ec384
    challenge: http-01
    modify_account: no
    deactivate_authzs: yes
    force: no
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- set_fact:
    cert_5_recreate_1: "{{ challenge_data is changed }}"
- name: Obtain cert 5 (should again by less days)
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 3/4
    certificate_name: cert-5
    key_type: ec521
    subject_alt_name: "DNS:t2.example.com"
    subject_alt_name_critical: no
    account_key: account-ec384
    challenge: http-01
    modify_account: no
    deactivate_authzs: yes
    force: yes
    remaining_days: 1000
    terms_agreed: no
    account_email: ""
- set_fact:
    cert_5_recreate_2: "{{ challenge_data is changed }}"
- name: Obtain cert 5 (should again by force)
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 5, Iteration 4/4
    certificate_name: cert-5
    key_type: ec521
    subject_alt_name: "DNS:t2.example.com"
    subject_alt_name_critical: no
    account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}"
    challenge: http-01
    modify_account: no
    deactivate_authzs: yes
    force: yes
    remaining_days: 10
    terms_agreed: no
    account_email: ""
- set_fact:
    cert_5_recreate_3: "{{ challenge_data is changed }}"
- name: Obtain cert 6
  include_tasks: obtain-cert.yml
  vars:
    certgen_title: Certificate 6
    certificate_name: cert-6
    key_type: rsa
    rsa_bits: 2048
    subject_alt_name: "DNS:example.org"
    subject_alt_name_critical: no
    account_key: account-ec256
    challenge: tls-alpn-01
    modify_account: yes
    deactivate_authzs: no
    force: no
    remaining_days: 10
    terms_agreed: yes
    account_email: "example@example.org"
## DISSECT CERTIFICATES #######################################################################
# Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.
- name: Verifying cert 1
  command: openssl verify -CAfile "{{ output_dir }}/cert-1-root.pem" -untrusted "{{ output_dir }}/cert-1-chain.pem" "{{ output_dir }}/cert-1.pem"
  ignore_errors: yes
  register: cert_1_valid
- name: Verifying cert 2
  command: openssl verify -CAfile "{{ output_dir }}/cert-2-root.pem" -untrusted "{{ output_dir }}/cert-2-chain.pem" "{{ output_dir }}/cert-2.pem"
  ignore_errors: yes
  register: cert_2_valid
- name: Verifying cert 3
  command: openssl verify -CAfile "{{ output_dir }}/cert-3-root.pem" -untrusted "{{ output_dir }}/cert-3-chain.pem" "{{ output_dir }}/cert-3.pem"
  ignore_errors: yes
  register: cert_3_valid
- name: Verifying cert 4
  command: openssl verify -CAfile "{{ output_dir }}/cert-4-root.pem" -untrusted "{{ output_dir }}/cert-4-chain.pem" "{{ output_dir }}/cert-4.pem"
  ignore_errors: yes
  register: cert_4_valid
- name: Verifying cert 5
  command: openssl verify -CAfile "{{ output_dir }}/cert-5-root.pem" -untrusted "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir }}/cert-5.pem"
  ignore_errors: yes
  register: cert_5_valid
- name: Verifying cert 6
  command: openssl verify -CAfile "{{ output_dir }}/cert-6-root.pem" -untrusted "{{ output_dir }}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem"
  ignore_errors: yes
  register: cert_6_valid
# Dump certificate info
- name: Dumping cert 1
  command: openssl x509 -in "{{ output_dir }}/cert-1.pem" -noout -text
  register: cert_1_text
- name: Dumping cert 2
  command: openssl x509 -in "{{ output_dir }}/cert-2.pem" -noout -text
  register: cert_2_text
- name: Dumping cert 3
  command: openssl x509 -in "{{ output_dir }}/cert-3.pem" -noout -text
  register: cert_3_text
- name: Dumping cert 4
  command: openssl x509 -in "{{ output_dir }}/cert-4.pem" -noout -text
  register: cert_4_text
- name: Dumping cert 5
  command: openssl x509 -in "{{ output_dir }}/cert-5.pem" -noout -text
  register: cert_5_text
- name: Dumping cert 6
  command: openssl x509 -in "{{ output_dir }}/cert-6.pem" -noout -text
  register: cert_6_text
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`---`
			`## SET UP ACCOUNT KEYS ########################################################################`
			`- name: Create ECC256 account key`
			`command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem`
			`- name: Create ECC384 account key`
			`command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem`
			`- name: Create RSA-2048 account key`
			`command: openssl genrsa -out {{ output_dir }}/account-rsa2048.pem 2048`
			`## SET UP ACCOUNTS ############################################################################`
			`- name: Make sure ECC256 account hasn't been created yet`
			`acme_account:`
			`select_crypto_backend: "{{ select_crypto_backend }}"`
			`acme_version: 2`
			`acme_directory: https://{{ acme_host }}:14000/dir`
			`validate_certs: no`
			`account_key_src: "{{ output_dir }}/account-ec256.pem"`
			`state: absent`
			`- name: Create ECC384 account`
			`acme_account:`
			`select_crypto_backend: "{{ select_crypto_backend }}"`
			`acme_version: 2`
			`acme_directory: https://{{ acme_host }}:14000/dir`
			`validate_certs: no`
			`account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}"`
			`state: present`
			`allow_creation: yes`
			`terms_agreed: yes`
			`contact:`
			`- mailto:example@example.org`
			`- mailto:example@example.com`
			`- name: Create RSA-2048 account`
			`acme_account:`
			`select_crypto_backend: "{{ select_crypto_backend }}"`
			`acme_version: 2`
			`acme_directory: https://{{ acme_host }}:14000/dir`
			`validate_certs: no`
			`account_key_src: "{{ output_dir }}/account-rsa2048.pem"`
			`state: present`
			`allow_creation: yes`
			`terms_agreed: yes`
			`contact: []`
			`## OBTAIN CERTIFICATES ########################################################################`
			`- name: Obtain cert 1`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 1`
			`certificate_name: cert-1`
			`key_type: rsa`
			`rsa_bits: 2048`
			`subject_alt_name: "DNS:example.com"`
			`subject_alt_name_critical: no`
			`account_key: account-ec256`
			`challenge: http-01`
			`modify_account: yes`
			`deactivate_authzs: no`
			`force: no`
			`remaining_days: 10`
			`terms_agreed: yes`
			`account_email: "example@example.org"`
			`- name: Obtain cert 2`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 2`
			`certificate_name: cert-2`
			`key_type: ec256`
			`subject_alt_name: "DNS:*.example.com,DNS:example.com"`
			`subject_alt_name_critical: yes`
			`account_key: account-ec384`
			`challenge: dns-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: no`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- name: Obtain cert 3`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 3`
			`certificate_name: cert-3`
			`key_type: ec384`
			`subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"`
			`subject_alt_name_critical: no`
			`account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}"`
			`challenge: dns-01`
			`modify_account: no`
			`deactivate_authzs: no`
			`force: no`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- name: Obtain cert 4`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 4`
			`certificate_name: cert-4`
			`key_type: rsa`
			`rsa_bits: 2048`
			`subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"`
			`subject_alt_name_critical: no`
			`account_key: account-rsa2048`
			`challenge: http-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: yes`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- name: Obtain cert 5`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 5, Iteration 1/4`
			`certificate_name: cert-5`
			`key_type: ec521`
			`subject_alt_name: "DNS:t2.example.com"`
			`subject_alt_name_critical: no`
			`account_key: account-ec384`
			`challenge: http-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: yes`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- name: Obtain cert 5 (should not, since already there and valid for more than 10 days)`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 5, Iteration 2/4`
			`certificate_name: cert-5`
			`key_type: ec521`
			`subject_alt_name: "DNS:t2.example.com"`
			`subject_alt_name_critical: no`
			`account_key: account-ec384`
			`challenge: http-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: no`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- set_fact:`
			`cert_5_recreate_1: "{{ challenge_data is changed }}"`
			`- name: Obtain cert 5 (should again by less days)`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 5, Iteration 3/4`
			`certificate_name: cert-5`
			`key_type: ec521`
			`subject_alt_name: "DNS:t2.example.com"`
			`subject_alt_name_critical: no`
			`account_key: account-ec384`
			`challenge: http-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: yes`
			`remaining_days: 1000`
			`terms_agreed: no`
			`account_email: ""`
			`- set_fact:`
			`cert_5_recreate_2: "{{ challenge_data is changed }}"`
			`- name: Obtain cert 5 (should again by force)`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 5, Iteration 4/4`
			`certificate_name: cert-5`
			`key_type: ec521`
			`subject_alt_name: "DNS:t2.example.com"`
			`subject_alt_name_critical: no`
			`account_key_content: "{{ lookup('file', output_dir ~ '/account-ec384.pem') }}"`
			`challenge: http-01`
			`modify_account: no`
			`deactivate_authzs: yes`
			`force: yes`
			`remaining_days: 10`
			`terms_agreed: no`
			`account_email: ""`
			`- set_fact:`
			`cert_5_recreate_3: "{{ challenge_data is changed }}"`
			`- name: Obtain cert 6`
			`include_tasks: obtain-cert.yml`
			`vars:`
			`certgen_title: Certificate 6`
			`certificate_name: cert-6`
			`key_type: rsa`
			`rsa_bits: 2048`
			`subject_alt_name: "DNS:example.org"`
			`subject_alt_name_critical: no`
			`account_key: account-ec256`
			`challenge: tls-alpn-01`
			`modify_account: yes`
			`deactivate_authzs: no`
			`force: no`
			`remaining_days: 10`
			`terms_agreed: yes`
			`account_email: "example@example.org"`
			`## DISSECT CERTIFICATES #######################################################################`
			`# Make sure certificates are valid. Root certificate for Pebble equals the chain certificate.`
			`- name: Verifying cert 1`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-1-root.pem" -untrusted "{{ output_dir }}/cert-1-chain.pem" "{{ output_dir }}/cert-1.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_1_valid`
			`- name: Verifying cert 2`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-2-root.pem" -untrusted "{{ output_dir }}/cert-2-chain.pem" "{{ output_dir }}/cert-2.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_2_valid`
			`- name: Verifying cert 3`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-3-root.pem" -untrusted "{{ output_dir }}/cert-3-chain.pem" "{{ output_dir }}/cert-3.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_3_valid`
			`- name: Verifying cert 4`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-4-root.pem" -untrusted "{{ output_dir }}/cert-4-chain.pem" "{{ output_dir }}/cert-4.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_4_valid`
			`- name: Verifying cert 5`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-5-root.pem" -untrusted "{{ output_dir }}/cert-5-chain.pem" "{{ output_dir }}/cert-5.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_5_valid`
			`- name: Verifying cert 6`
ACME: using new acme-test-container (#44095) * Using new acme-test-container image. * Add test for cleaning account contacts. 6 years ago			`command: openssl verify -CAfile "{{ output_dir }}/cert-6-root.pem" -untrusted "{{ output_dir }}/cert-6-chain.pem" "{{ output_dir }}/cert-6.pem"`
ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) * Collecting PEM -> DER conversions. * Using cryptography instead of OpenSSL binary in some situations. * Moving key-to-disk writing for key content to parse_account_key. * Rename parse_account_key -> parse_key. * Move OpenSSL specific code for key parsing and request signing into global functions. * Also using cryptography for key parsing and request signing. * Remove assert statements. * Fixing handling of key contents for cryptography code path. * Allow to disable the use of cryptography. * Updating documentation. * 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments. * Changing option to select_crypto_backend. * Python 2.6 compatibility. * Trying to test both backends separately for acme_account. * Also testing both backends separately for acme_certificate and acme_certificate_revoke. * Adding changelog entry which informs about select_crypto_backend option in case autodetect fails. * Fixing YAML. 6 years ago			`ignore_errors: yes`
			`register: cert_6_valid`
			`# Dump certificate info`
			`- name: Dumping cert 1`
			`command: openssl x509 -in "{{ output_dir }}/cert-1.pem" -noout -text`
			`register: cert_1_text`
			`- name: Dumping cert 2`
			`command: openssl x509 -in "{{ output_dir }}/cert-2.pem" -noout -text`
			`register: cert_2_text`
			`- name: Dumping cert 3`
			`command: openssl x509 -in "{{ output_dir }}/cert-3.pem" -noout -text`
			`register: cert_3_text`
			`- name: Dumping cert 4`
			`command: openssl x509 -in "{{ output_dir }}/cert-4.pem" -noout -text`
			`register: cert_4_text`
			`- name: Dumping cert 5`
			`command: openssl x509 -in "{{ output_dir }}/cert-5.pem" -noout -text`
			`register: cert_5_text`
			`- name: Dumping cert 6`
			`command: openssl x509 -in "{{ output_dir }}/cert-6.pem" -noout -text`
			`register: cert_6_text`