diff --git a/tasks/ssl.yml b/tasks/ssl.yml
index 9bc0771..4f9e642 100644
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -48,3 +48,40 @@
 with_items: "{{ nginx_vhosts }}"
 when: item.copy_ssl is defined
 notify: reload nginx
+
+- name: "[SELFSIGNED] - Create Key folder"
+ file:
+ path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
+ state: directory
+ mode: 0755
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.selfsigned == 'true'
+ notify: reload nginx
+
+
+- name: '[SELFSIGNED] - Create a self-signed key'
+ openssl_privatekey:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ size: 2048
+ type: RSA
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
+
+- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
+ openssl_csr:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+ privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
+
+- name: '[SELFSIGNED] - Create a self-signed certificate'
+ openssl_certificate:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
+ privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+ provider: selfsigned
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
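Review bot: The directory task creates `{{ nginx_ssl_dir }}/{{ item.ssl_name }}` but the three openssl_* tasks write under `{{ ssl_src_path }}/{{ item.ssl_name }}`, so unless both variables resolve to the same remote path the private key, CSR and certificate go to a directory this play never creates and, presumably, not to where the vhost expects them; use one variable in all four tasks. The conditions compare `item.selfsigned == 'true'` against a string, so a vhost that sets the YAML boolean `selfsigned: true` is skipped silently, and `item.state` is read without a guard; `when: item.selfsigned | default(false) | bool and item.state | default('') == 'enable'` covers both, and the directory task should carry the same state test. The openssl_csr task sets no `common_name` or `subject_alt_name`, so the resulting certificate carries no hostname a client could verify even when it is pinned or trusted explicitly; fill them from the vhost's server name. I would also state `mode: '0600'` on the private key task and quote the directory mode as `'0755'`, rather than depend on the module default and on YAML octal parsing.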