Reconfigured nginx / acme validation handling

roles/acme/certificate/tasks/main.yml

@@ -6,7 +6,7 @@
   command: >-
     ./acme.sh --issue
     --domain "{{ domain }}"
-    --webroot "{{ nginx_validation_directory }}"
+    --webroot "{{ nginx_validation_root_directory }}"
   args:
     chdir: "~/.acme.sh"
   register: acme_issue_result

roles/nginx/application/defaults/main.yml

@@ -12,4 +12,6 @@ nginx_global_log_directory: "/var/log/nginx"
 nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log"
 nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log"
 
-nginx_validation_directory: "/var/www/validation"
+acme_validation_directory: ".well-known/acme-challenge"
+nginx_validation_root_directory: "/var/www/validation"
+nginx_validation_test_file: "{{ nginx_validation_root_directory }}/{{ acme_validation_directory }}/test"

roles/nginx/application/tasks/main.yml

@@ -24,7 +24,9 @@
     - "{{ nginx_sites_directory }}"
     - "{{ nginx_streams_directory }}"
     - "{{ nginx_snippets_directory }}"
-    - "{{ nginx_validation_directory }}"
+    - "{{ nginx_validation_root_directory }}"
+    - "{{ nginx_validation_test_file | dirname }}"
+    - "{{ global_webservers_directory }}"
 
 - name: Upload snippets to nginx
   template:
@@ -35,6 +37,14 @@
     mode: "u=rw,g=r,o=r"
   with_items: "{{ nginx_snippets }}"
 
+- name: Configure test file for validation directory
+  copy:
+    content: "{{ ansible_fqdn }}"
+    dest: "{{ nginx_validation_test_file }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+
 - name: Enable nginx service
   systemd:
     enabled: yes

roles/nginx/application/templates/acme.conf

@@ -1,5 +1,5 @@
-location /.well-known/acme-challenge {
-    root {{ nginx_validation_directory }};
+location /{{ acme_validation_directory }} {
+    root {{ nginx_validation_root_directory }};
     access_log on;
     try_files $uri $uri/ =404;
 }