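---
# Variables for an ACME-issued certificate, the optional DANE TLSA record
# derived from it, and the service reload that follows.

# at least one of domain or domains is required
domain: "{{ domains[0] }}"
domains:
  - "{{ effective_domain }}"
# effective_domain from all/vars.yml

# Presumably requests the OCSP Must-Staple certificate extension (confirm in
# the tasks that consume it). With the extension set, clients reject the
# certificate unless the server staples a fresh OCSP response, so the CA must
# offer OCSP and the web server must have stapling enabled first.
acme_must_staple: true

# TLSA records are only honoured by validating clients when the zone is
# DNSSEC-signed; confirm the zone is signed before relying on DANE.
# NOTE(review): when a renewal changes the key, the published TLSA record has
# to be updated in step, or DANE-validating clients will fail the connection.
dane_configure: true
dane_protocol: tcp
dane_port: 443  # default for https
# TLSA owner name: _<port>._<protocol>.<domain>
dane_domain: "_{{ dane_port }}._{{ dane_protocol }}.{{ domain }}"

# TODO Requires gnutls-bin to be installed
# cert.pem is a relative path, so this only works when run from the
# certificate directory (presumably acme_certificate_directory; verify in the
# calling task). Templated values pass through `quote` because the string is
# handed to a shell.
# NOTE(review): cert.pem is a certificate, not a bare public key; confirm
# danetool accepts it via --load-pubkey rather than --load-certificate.
dane_command: >-
  danetool --tlsa-rr
  --load-pubkey=cert.pem
  --hash=sha512
  --host={{ domain | quote }}
  --proto={{ dane_protocol | quote }}
  --port={{ dane_port | quote }}
  --no-domain

certificate_name: "{{ effective_domain }}"

# acme_validation_root_directory from nginx/application

acme_certificate_directory: "{{ global_certbot_certificates_directory }}/{{ certificate_name }}"
acme_certificate_location: "{{ acme_certificate_directory }}/cert.pem"
acme_chain_location: "{{ acme_certificate_directory }}/chain.pem"
acme_fullchain_location: "{{ acme_certificate_directory }}/fullchain.pem"
# privkey.pem and keyfullchain.pem hold the private key.
# NOTE(review): check that the tasks writing them keep both files readable
# only by root and the service that needs them.
acme_key_location: "{{ acme_certificate_directory }}/privkey.pem"
acme_keyfullchain_location: "{{ acme_certificate_directory }}/keyfullchain.pem"

# at most one of these is used
reload_command: "systemctl reload-or-restart {{ global_nginx_service_name | quote }}"
reload_commands:
  - "{{ reload_command }}"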