community.crypto/tests/integration/targets/setup_acme/tasks/obtain-cert.yml

---
## PRIVATE KEY ################################################################################
- name: ({{ certgen_title }}) Create cert private key
  openssl_privatekey:
    path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
    type: "{{ 'RSA' if key_type == 'rsa' else 'ECC' }}"
    size: "{{ rsa_bits if key_type == 'rsa' else omit }}"
    curve: >-
      {{ omit if key_type == 'rsa' else
         'secp256r1' if key_type == 'ec256' else
         'secp384r1' if key_type == 'ec384' else
         'secp521r1' if key_type == 'ec521' else
         'invalid value for key_type!' }}
    passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}"
    cipher: "{{ 'auto' if certificate_passphrase | default() else omit }}"
    force: true
## CSR ########################################################################################
- name: ({{ certgen_title }}) Create cert CSR
  openssl_csr:
    path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"
    privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
    privatekey_passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}"
    subject_alt_name: "{{ subject_alt_name }}"
    subject_alt_name_critical: "{{ subject_alt_name_critical }}"
    return_content: true
  register: csr_result
## ACME STEP 1 ################################################################################
- name: ({{ certgen_title }}) Obtain cert, step 1
  acme_certificate:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
    account_key_content: "{{ account_key_content | default(omit) }}"
    account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
    modify_account: "{{ modify_account }}"
    csr: "{{ omit if use_csr_content | default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"
    csr_content: "{{ csr_result.csr if use_csr_content | default(false) else omit }}"
    dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
    fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"
    chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"
    challenge: "{{ challenge }}"
    deactivate_authzs: "{{ deactivate_authzs }}"
    force: "{{ force }}"
    remaining_days: "{{ remaining_days }}"
    terms_agreed: "{{ terms_agreed }}"
    account_email: "{{ account_email }}"
  register: challenge_data
- name: ({{ certgen_title }}) Print challenge data
  debug:
    var: challenge_data
- name: ({{ certgen_title }}) Create HTTP challenges
  uri:
    url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
    method: PUT
    body_format: raw
    body: "{{ item.value['http-01'].resource_value }}"
    headers:
      content-type: "application/octet-stream"
  with_dict: "{{ challenge_data.challenge_data }}"
  when: "challenge_data is changed and challenge == 'http-01'"
- name: ({{ certgen_title }}) Create DNS challenges
  uri:
    url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"
    method: PUT
    body_format: json
    body: "{{ item.value }}"
  with_dict: "{{ challenge_data.challenge_data_dns }}"
  when: "challenge_data is changed and challenge == 'dns-01'"
- name: ({{ certgen_title }}) Create TLS ALPN challenges (acme_challenge_cert_helper)
  acme_challenge_cert_helper:
    challenge: tls-alpn-01
    challenge_data: "{{ item.value['tls-alpn-01'] }}"
    private_key_src: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"
    private_key_passphrase: "{{ certificate_passphrase | default(omit) | default(omit, true) }}"
  with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper') else {} }}"
  register: tls_alpn_challenges
  when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Read private key
  slurp:
    src: '{{ remote_tmp_dir }}/{{ certificate_name }}.key'
  register: slurp
  when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Set TLS ALPN challenges (acme_challenge_cert_helper)
  uri:
    url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/{{ item.identifier }}/certificate-and-key"
    method: PUT
    body_format: raw
    body: "{{ item.challenge_certificate }}\n{{ slurp.content | b64decode }}"
    headers:
      content-type: "application/pem-certificate-chain"
  with_items: "{{ tls_alpn_challenges.results if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper') else [] }}"
  when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Create TLS ALPN challenges (der-value-b64)
  uri:
    url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/{{ item.value['tls-alpn-01'].resource_original }}/der-value-b64"
    method: PUT
    body_format: raw
    body: "{{ item.value['tls-alpn-01'].resource_value }}"
    headers:
      content-type: "application/octet-stream"
  with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'der-value-b64') else {} }}"
  when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls | default('der-value-b64') == 'der-value-b64')"
## ACME STEP 2 ################################################################################
- name: ({{ certgen_title }}) Obtain cert, step 2
  acme_certificate:
    select_crypto_backend: "{{ select_crypto_backend }}"
    acme_version: 2
    acme_directory: https://{{ acme_host }}:14000/dir
    validate_certs: no
    account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
    account_key_content: "{{ account_key_content | default(omit) }}"
    account_key_passphrase: "{{ account_key_passphrase | default(omit) | default(omit, true) }}"
    account_uri: "{{ challenge_data.account_uri }}"
    modify_account: "{{ modify_account }}"
    csr: "{{ omit if use_csr_content | default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"
    csr_content: "{{ csr_result.csr if use_csr_content | default(false) else omit }}"
    dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"
    fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"
    chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"
    challenge: "{{ challenge }}"
    deactivate_authzs: "{{ deactivate_authzs }}"
    force: "{{ force }}"
    remaining_days: "{{ remaining_days }}"
    terms_agreed: "{{ terms_agreed }}"
    account_email: "{{ account_email }}"
    data: "{{ challenge_data }}"
    retrieve_all_alternates: "{{ retrieve_all_alternates | default(omit) }}"
    select_chain: "{{ select_chain | default(omit) if select_crypto_backend == 'cryptography' else omit }}"
  register: certificate_obtain_result
  when: challenge_data is changed
- name: ({{ certgen_title }}) Deleting HTTP challenges
  uri:
    url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
    method: DELETE
  with_dict: "{{ challenge_data.challenge_data }}"
  when: "challenge_data is changed and challenge == 'http-01'"
- name: ({{ certgen_title }}) Deleting DNS challenges
  uri:
    url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"
    method: DELETE
  with_dict: "{{ challenge_data.challenge_data_dns }}"
  when: "challenge_data is changed and challenge == 'dns-01'"
- name: ({{ certgen_title }}) Deleting TLS ALPN challenges
  uri:
    url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}"
    method: DELETE
  with_dict: "{{ challenge_data.challenge_data }}"
  when: "challenge_data is changed and challenge == 'tls-alpn-01'"
- name: ({{ certgen_title }}) Get root certificate
  get_url:
    url: "http://{{ acme_host }}:5000/root-certificate-for-ca/{{ acme_expected_root_number | default(0) if select_crypto_backend == 'cryptography' else 0 }}"
    dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-root.pem"
###############################################################################################
Initial commit 2020-03-09 13:11:34 +00:00			`---`
			`## PRIVATE KEY ################################################################################`
acme_* modules: support private key passprases (#207) * Support private key passprases. * Use c.c modules for key generation, add first passphrase tests. * Some more passphrase tests. 2021-03-21 16:53:20 +00:00			`- name: ({{ certgen_title }}) Create cert private key`
			`openssl_privatekey:`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"`
acme_* modules: support private key passprases (#207) * Support private key passprases. * Use c.c modules for key generation, add first passphrase tests. * Some more passphrase tests. 2021-03-21 16:53:20 +00:00			`type: "{{ 'RSA' if key_type == 'rsa' else 'ECC' }}"`
			`size: "{{ rsa_bits if key_type == 'rsa' else omit }}"`
			`curve: >-`
			`{{ omit if key_type == 'rsa' else`
			`'secp256r1' if key_type == 'ec256' else`
			`'secp384r1' if key_type == 'ec384' else`
			`'secp521r1' if key_type == 'ec521' else`
			`'invalid value for key_type!' }}`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`passphrase: "{{ certificate_passphrase \| default(omit) \| default(omit, true) }}"`
acme_* modules: support private key passprases (#207) * Support private key passprases. * Use c.c modules for key generation, add first passphrase tests. * Some more passphrase tests. 2021-03-21 16:53:20 +00:00			`cipher: "{{ 'auto' if certificate_passphrase \| default() else omit }}"`
			`force: true`
Initial commit 2020-03-09 13:11:34 +00:00			`## CSR ########################################################################################`
			`- name: ({{ certgen_title }}) Create cert CSR`
			`openssl_csr:`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`path: "{{ remote_tmp_dir }}/{{ certificate_name }}.csr"`
			`privatekey_path: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`privatekey_passphrase: "{{ certificate_passphrase \| default(omit) \| default(omit, true) }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`subject_alt_name: "{{ subject_alt_name }}"`
			`subject_alt_name_critical: "{{ subject_alt_name_critical }}"`
Allow to pass CSR to acme_certificate as csr_content (#115) * Allow to pass CSR to acme_certificate as csr_content. * Make sure contents are bytes. * No need to write CSR to disk. * Forgot version_added. * Fix documentation. 2020-10-09 12:01:34 +00:00			`return_content: true`
			`register: csr_result`
Initial commit 2020-03-09 13:11:34 +00:00			`## ACME STEP 1 ################################################################################`
			`- name: ({{ certgen_title }}) Obtain cert, step 1`
			`acme_certificate:`
			`select_crypto_backend: "{{ select_crypto_backend }}"`
			`acme_version: 2`
			`acme_directory: https://{{ acme_host }}:14000/dir`
			`validate_certs: no`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`account_key_content: "{{ account_key_content \| default(omit) }}"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`account_key_passphrase: "{{ account_key_passphrase \| default(omit) \| default(omit, true) }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`modify_account: "{{ modify_account }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`csr: "{{ omit if use_csr_content \| default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"`
Allow to pass CSR to acme_certificate as csr_content (#115) * Allow to pass CSR to acme_certificate as csr_content. * Make sure contents are bytes. * No need to write CSR to disk. * Forgot version_added. * Fix documentation. 2020-10-09 12:01:34 +00:00			`csr_content: "{{ csr_result.csr if use_csr_content \| default(false) else omit }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"`
			`fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"`
			`chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"`
Initial commit 2020-03-09 13:11:34 +00:00			`challenge: "{{ challenge }}"`
			`deactivate_authzs: "{{ deactivate_authzs }}"`
			`force: "{{ force }}"`
			`remaining_days: "{{ remaining_days }}"`
			`terms_agreed: "{{ terms_agreed }}"`
			`account_email: "{{ account_email }}"`
			`register: challenge_data`
			`- name: ({{ certgen_title }}) Print challenge data`
			`debug:`
			`var: challenge_data`
			`- name: ({{ certgen_title }}) Create HTTP challenges`
			`uri:`
			`url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'\|length):] }}"`
			`method: PUT`
			`body_format: raw`
			`body: "{{ item.value['http-01'].resource_value }}"`
			`headers:`
			`content-type: "application/octet-stream"`
			`with_dict: "{{ challenge_data.challenge_data }}"`
			`when: "challenge_data is changed and challenge == 'http-01'"`
			`- name: ({{ certgen_title }}) Create DNS challenges`
			`uri:`
			`url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"`
			`method: PUT`
			`body_format: json`
			`body: "{{ item.value }}"`
			`with_dict: "{{ challenge_data.challenge_data_dns }}"`
			`when: "challenge_data is changed and challenge == 'dns-01'"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`- name: ({{ certgen_title }}) Create TLS ALPN challenges (acme_challenge_cert_helper)`
Initial commit 2020-03-09 13:11:34 +00:00			`acme_challenge_cert_helper:`
			`challenge: tls-alpn-01`
			`challenge_data: "{{ item.value['tls-alpn-01'] }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`private_key_src: "{{ remote_tmp_dir }}/{{ certificate_name }}.key"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`private_key_passphrase: "{{ certificate_passphrase \| default(omit) \| default(omit, true) }}"`
			`with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'acme_challenge_cert_helper') else {} }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`register: tls_alpn_challenges`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'acme_challenge_cert_helper')"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`- name: ({{ certgen_title }}) Read private key`
			`slurp:`
			`src: '{{ remote_tmp_dir }}/{{ certificate_name }}.key'`
			`register: slurp`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'acme_challenge_cert_helper')"`
			`- name: ({{ certgen_title }}) Set TLS ALPN challenges (acme_challenge_cert_helper)`
Initial commit 2020-03-09 13:11:34 +00:00			`uri:`
			`url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/{{ item.identifier }}/certificate-and-key"`
			`method: PUT`
			`body_format: raw`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`body: "{{ item.challenge_certificate }}\n{{ slurp.content \| b64decode }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`headers:`
			`content-type: "application/pem-certificate-chain"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`with_items: "{{ tls_alpn_challenges.results if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'acme_challenge_cert_helper') else [] }}"`
			`when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'acme_challenge_cert_helper')"`
Initial commit 2020-03-09 13:11:34 +00:00			`- name: ({{ certgen_title }}) Create TLS ALPN challenges (der-value-b64)`
			`uri:`
			`url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/{{ item.value['tls-alpn-01'].resource_original }}/der-value-b64"`
			`method: PUT`
			`body_format: raw`
			`body: "{{ item.value['tls-alpn-01'].resource_value }}"`
			`headers:`
			`content-type: "application/octet-stream"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`with_dict: "{{ challenge_data.challenge_data if challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'der-value-b64') else {} }}"`
			`when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls \| default('der-value-b64') == 'der-value-b64')"`
Initial commit 2020-03-09 13:11:34 +00:00			`## ACME STEP 2 ################################################################################`
			`- name: ({{ certgen_title }}) Obtain cert, step 2`
			`acme_certificate:`
			`select_crypto_backend: "{{ select_crypto_backend }}"`
			`acme_version: 2`
			`acme_directory: https://{{ acme_host }}:14000/dir`
			`validate_certs: no`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`account_key_content: "{{ account_key_content \| default(omit) }}"`
Improve CI (#281) * Install PyOpenSSL and cryptography from PyPi if target Python != system Python. * Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling. * Skip tasks that require properties that aren't always there. * Only install OpenSSL when not present. * Improve output. * Improve get_certificate integration test graceful failing. * Fix tests. * Fix assert. * OpenSSL peculiarities. * Fix condition. 2021-09-18 13:21:40 +00:00			`account_key_passphrase: "{{ account_key_passphrase \| default(omit) \| default(omit, true) }}"`
Initial commit 2020-03-09 13:11:34 +00:00			`account_uri: "{{ challenge_data.account_uri }}"`
			`modify_account: "{{ modify_account }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`csr: "{{ omit if use_csr_content \| default(false) else remote_tmp_dir ~ '/' ~ certificate_name ~ '.csr' }}"`
Allow to pass CSR to acme_certificate as csr_content (#115) * Allow to pass CSR to acme_certificate as csr_content. * Make sure contents are bytes. * No need to write CSR to disk. * Forgot version_added. * Fix documentation. 2020-10-09 12:01:34 +00:00			`csr_content: "{{ csr_result.csr if use_csr_content \| default(false) else omit }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`dest: "{{ remote_tmp_dir }}/{{ certificate_name }}.pem"`
			`fullchain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-fullchain.pem"`
			`chain_dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-chain.pem"`
Initial commit 2020-03-09 13:11:34 +00:00			`challenge: "{{ challenge }}"`
			`deactivate_authzs: "{{ deactivate_authzs }}"`
			`force: "{{ force }}"`
			`remaining_days: "{{ remaining_days }}"`
			`terms_agreed: "{{ terms_agreed }}"`
			`account_email: "{{ account_email }}"`
			`data: "{{ challenge_data }}"`
			`retrieve_all_alternates: "{{ retrieve_all_alternates \| default(omit) }}"`
			`select_chain: "{{ select_chain \| default(omit) if select_crypto_backend == 'cryptography' else omit }}"`
			`register: certificate_obtain_result`
			`when: challenge_data is changed`
			`- name: ({{ certgen_title }}) Deleting HTTP challenges`
			`uri:`
			`url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'\|length):] }}"`
			`method: DELETE`
			`with_dict: "{{ challenge_data.challenge_data }}"`
			`when: "challenge_data is changed and challenge == 'http-01'"`
			`- name: ({{ certgen_title }}) Deleting DNS challenges`
			`uri:`
			`url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"`
			`method: DELETE`
			`with_dict: "{{ challenge_data.challenge_data_dns }}"`
			`when: "challenge_data is changed and challenge == 'dns-01'"`
			`- name: ({{ certgen_title }}) Deleting TLS ALPN challenges`
			`uri:`
			`url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}"`
			`method: DELETE`
			`with_dict: "{{ challenge_data.challenge_data }}"`
			`when: "challenge_data is changed and challenge == 'tls-alpn-01'"`
			`- name: ({{ certgen_title }}) Get root certificate`
			`get_url:`
			`url: "http://{{ acme_host }}:5000/root-certificate-for-ca/{{ acme_expected_root_number \| default(0) if select_crypto_backend == 'cryptography' else 0 }}"`
Improve CI (#268) * Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision. 2021-09-07 20:37:40 +00:00			`dest: "{{ remote_tmp_dir }}/{{ certificate_name }}-root.pem"`
Initial commit 2020-03-09 13:11:34 +00:00			`###############################################################################################`