Improve ACME tests; add acme_ari_info tests; use ARI and profiles features in acme_certificate tests (#841)
* Fix description.
* Add basic acme_ari_info test.
* Refactoring.
* Extend acme_certificate tests.

pull/842/head
parent
fd67767538
commit
5366b9e5ba
|
@ -24,6 +24,12 @@ extends_documentation_fragment:
|
|||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
attributes:
|
||||
idempotent:
|
||||
support: partial
|
||||
details:
|
||||
- The module is not idempotent if O(now) is a relative timestamp, or is not specified.
|
||||
- If O(use_ari=true), the module is not idempotent if O(ari_algorithm=standard).
|
||||
options:
|
||||
certificate_path:
|
||||
description:
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
|
@ -46,7 +46,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
|
@ -62,7 +62,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
|
@ -76,7 +76,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
|
@ -95,7 +95,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -110,7 +110,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -124,7 +124,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -138,7 +138,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
contact: []
|
||||
|
@ -150,7 +150,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -164,7 +164,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -176,7 +176,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
|
@ -188,7 +188,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
|
@ -204,7 +204,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
|
@ -219,7 +219,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
check_mode: true
|
||||
|
@ -232,7 +232,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: account_deactivate
|
||||
|
@ -243,7 +243,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: account_deactivate_idempotent
|
||||
|
@ -254,7 +254,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
|
@ -266,7 +266,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
|
@ -278,7 +278,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
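Review bot: Every task in this file still repeats `acme_version: 2`, the directory URL and `validate_certs: false`, so switching to `acme_directory: "{{ acme_directory_url }}"` centralises only one of three values that always travel together. Because TLS verification of the ACME directory is turned off in each task separately, a single `module_defaults` block at block or play level would leave one commented place where verification is disabled for the local test container. The same applies to the other test files on this page that receive the identical `acme_directory` replacement, and to the new acme_ari_info task. `acme_directory_url` is not defined in any section shown here; presumably the setup_acme role provides it.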
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: account_not_created
|
||||
|
||||
|
@ -37,7 +37,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
|
@ -50,7 +50,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: account_created
|
||||
|
||||
|
@ -64,7 +64,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
|
@ -75,7 +75,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
register: account_modified
|
||||
|
@ -85,7 +85,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
|
||||
register: account_not_exist
|
||||
|
@ -95,7 +95,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
ignore_errors: true
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
azp/generic/1
|
||||
azp/posix/1
|
||||
cloud/acme
|
||||
|
||||
# For some reason connecting to helper containers does not work on the Alpine VMs
|
||||
skip/alpine
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
dependencies:
|
||||
- setup_acme
|
||||
- setup_remote_tmp_dir
|
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
## SET UP ACCOUNT KEYS ########################################################################
|
||||
- block:
|
||||
- name: Generate account keys
|
||||
openssl_privatekey:
|
||||
path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
|
||||
type: "{{ item.type }}"
|
||||
size: "{{ item.size | default(omit) }}"
|
||||
curve: "{{ item.curve | default(omit) }}"
|
||||
force: true
|
||||
loop: "{{ account_keys }}"
|
||||
|
||||
vars:
|
||||
account_keys:
|
||||
- name: account-ec256
|
||||
type: ECC
|
||||
curve: secp256r1
|
||||
## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
|
||||
- name: Obtain cert 1
|
||||
include_tasks: obtain-cert.yml
|
||||
vars:
|
||||
certgen_title: Certificate 1 for renewal check
|
||||
certificate_name: cert-1
|
||||
key_type: rsa
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.com"
|
||||
subject_alt_name_critical: false
|
||||
account_key: account-ec256
|
||||
challenge: http-01
|
||||
modify_account: true
|
||||
deactivate_authzs: false
|
||||
force: true
|
||||
remaining_days: "{{ omit }}"
|
||||
terms_agreed: true
|
||||
account_email: "example@example.org"
|
||||
## OBTAIN CERTIFICATE INFOS ###################################################################
|
||||
- name: Dump OpenSSL x509 info
|
||||
command:
|
||||
cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
|
||||
- name: Obtain certificate information
|
||||
x509_certificate_info:
|
||||
path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
register: cert_1_info
|
||||
- name: Read certificate
|
||||
slurp:
|
||||
src: '{{ remote_tmp_dir }}/cert-1.pem'
|
||||
register: slurp_cert_1
|
||||
- name: Obtain certificate information
|
||||
acme_ari_info:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1
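Review bot: Two tasks in this new file share the name `Obtain certificate information` (the `x509_certificate_info` call and the `acme_ari_info` call), which makes a failure hard to attribute in the test log; the second could be `- name: Retrieve ARI information for cert 1`. The results `cert_1_info` and `slurp_cert_1` are registered here, but the validate.yml added in this commit only reads `cert_1`, so those two tasks look unused unless something outside this page consumes them. The `Dump OpenSSL x509 info` task interpolates `{{ remote_tmp_dir }}` into a single `cmd` string and reports `changed` on every run; adding `changed_when: false` and using the `argv:` list form would keep a path containing spaces as one argument.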
|
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- vars:
|
||||
acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
|
||||
when: acme_supports_ari
|
||||
block:
|
||||
- block:
|
||||
- name: Running tests with OpenSSL backend
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: openssl
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
|
||||
when: openssl_version.stdout is version('1.0.0', '>=')
|
||||
|
||||
- name: Remove output directory
|
||||
file:
|
||||
path: "{{ remote_tmp_dir }}"
|
||||
state: absent
|
||||
|
||||
- name: Re-create output directory
|
||||
file:
|
||||
path: "{{ remote_tmp_dir }}"
|
||||
state: directory
|
||||
|
||||
- block:
|
||||
- name: Running tests with cryptography backend
|
||||
include_tasks: impl.yml
|
||||
vars:
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: cryptography_version.stdout is version('1.5', '>=')
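Review bot: The outer block is gated on `when: acme_supports_ari`, so against a test container without ARI this target runs no assertions and still reports success. A short `debug` task outside the block with `when: not acme_supports_ari`, stating that the acme_ari_info tests were skipped, would make a silent loss of coverage visible in the CI log. The two `import_tasks: ../tests/validate.yml` entries also have no `name:`, so the log does not show which backend's validation failed; `- name: Validate results (OpenSSL backend)` and its cryptography counterpart would fix that.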
|
|
@ -0,0 +1 @@
|
|||
../../setup_acme/tasks/obtain-cert.yml
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Validate results
|
||||
assert:
|
||||
that:
|
||||
- cert_1 is not changed
|
||||
- cert_1.renewal_info.explanationURL is string or cert_1.renewal_info.explanationURL is not defined
|
||||
- cert_1.renewal_info.retryAfter is string or cert_1.renewal_info.retryAfter is not defined
|
||||
- cert_1.renewal_info.suggestedWindow.start is string
|
||||
- cert_1.renewal_info.suggestedWindow.end is string
|
||||
- >-
|
||||
(cert_1.renewal_info.suggestedWindow.start | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))
|
||||
<
|
||||
(cert_1.renewal_info.suggestedWindow.end | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))
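Review bot: The two optional-field assertions apply `is string` before `is not defined`, so when the server omits `explanationURL` or `retryAfter` the test is evaluated on an undefined value first. Depending on how the templating engine treats tests on undefined values, this may raise instead of falling through to the second operand. Putting the guard first avoids relying on that: `- cert_1.renewal_info.explanationURL is not defined or cert_1.renewal_info.explanationURL is string`, and likewise for `retryAfter`. Separately, `to_datetime('%Y-%m-%dT%H:%M:%SZ')` accepts only whole-second timestamps ending in a literal `Z`; if the ACME server returns fractional seconds or a numeric offset, the window check will fail on parsing rather than on ordering, so a comment stating that assumption would help.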
|
|
@ -30,7 +30,7 @@
|
|||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
state: absent
|
||||
|
@ -42,7 +42,7 @@
|
|||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
state: present
|
||||
|
@ -55,7 +55,7 @@
|
|||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem"
|
||||
state: present
|
||||
|
@ -170,6 +170,7 @@
|
|||
remaining_days: 1
|
||||
terms_agreed: false
|
||||
account_email: ""
|
||||
acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
|
||||
acme_expected_root_number: 2
|
||||
select_chain:
|
||||
- test_certificates: last
|
||||
|
@ -239,6 +240,8 @@
|
|||
terms_agreed: false
|
||||
account_email: ""
|
||||
use_csr_content: true
|
||||
acme_certificate_profile: "{{ '6days' if acme_supports_profiles else omit }}"
|
||||
acme_certificate_include_renewal_cert_id: when_ari_supported
|
||||
- name: Store obtain results for cert 5c
|
||||
set_fact:
|
||||
cert_5_recreate_2: "{{ challenge_data is changed }}"
|
||||
|
@ -467,7 +470,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: ignore
|
||||
register: account_orders_not
|
||||
|
@ -476,7 +479,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: url_list
|
||||
register: account_orders_urls
|
||||
|
@ -485,7 +488,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: url_list
|
||||
register: account_orders_urls2
|
||||
|
@ -494,7 +497,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: object_list
|
||||
register: account_orders_full
|
||||
|
@ -503,7 +506,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: object_list
|
||||
register: account_orders_full2
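Review bot: The profile name `'6days'` in the cert 5c hunk (`@ -239,6 +240,8`) is a bare literal, as is `'default'` in the hunk before it. Both must match profiles configured in the ACME test server, and nothing in the sections shown here says where those names are defined. A one-line comment above the variable, such as `# '6days' must exist in the test container's profile configuration`, would explain an order failure if the container configuration changes. Both hunks begin and end inside `vars:` mappings that continue outside the diff context.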
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
modify_account: true
|
||||
|
@ -43,7 +43,7 @@
|
|||
|
||||
- name: Inspect order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -57,7 +57,7 @@
|
|||
|
||||
- name: Deactivate order (check mode)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -68,7 +68,7 @@
|
|||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -82,7 +82,7 @@
|
|||
|
||||
- name: Deactivate order
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -92,7 +92,7 @@
|
|||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -106,7 +106,7 @@
|
|||
|
||||
- name: Deactivate order (check mode, idempotent)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -117,7 +117,7 @@
|
|||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -131,7 +131,7 @@
|
|||
|
||||
- name: Deactivate order (idempotent)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
@ -141,7 +141,7 @@
|
|||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
- name: Create ACME account
|
||||
acme_account:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -48,7 +48,7 @@
|
|||
|
||||
- name: Create certificate order
|
||||
acme_certificate_order_create:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -82,7 +82,7 @@
|
|||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -131,7 +131,7 @@
|
|||
|
||||
- name: Let the challenge be validated
|
||||
community.crypto.acme_certificate_order_validate:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -153,7 +153,7 @@
|
|||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -191,7 +191,7 @@
|
|||
|
||||
- name: Let the challenge be validated (idempotent)
|
||||
community.crypto.acme_certificate_order_validate:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -208,7 +208,7 @@
|
|||
|
||||
- name: Retrieve the cert and intermediate certificate
|
||||
community.crypto.acme_certificate_order_finalize:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -250,7 +250,7 @@
|
|||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -286,7 +286,7 @@
|
|||
|
||||
- name: Retrieve the cert and intermediate certificate (idempotent)
|
||||
community.crypto.acme_certificate_order_finalize:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -314,7 +314,7 @@
|
|||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_1
|
||||
- name: Obtain certificate information (2/11)
|
||||
|
@ -62,7 +62,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
remaining_days: 1000
|
||||
remaining_percentage: 0.5
|
||||
|
@ -72,7 +72,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_content: "{{ slurp_cert_1.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
register: cert_1_renewal_3
|
||||
|
@ -81,7 +81,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 30
|
||||
|
@ -92,7 +92,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 30
|
||||
|
@ -103,7 +103,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 10
|
||||
|
@ -114,7 +114,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1830d
|
||||
register: cert_1_renewal_7
|
||||
|
@ -122,7 +122,7 @@
|
|||
acme_certificate_renewal_info:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1830d
|
||||
register: cert_1_renewal_8
|
||||
|
@ -131,7 +131,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_9
|
||||
- name: Create broken file
|
||||
|
@ -145,7 +145,7 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_10
|
||||
ignore_errors: true
|
||||
|
@ -155,6 +155,6 @@
|
|||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_11
|
||||
|
|
|
@ -9,15 +9,8 @@
|
|||
####################################################################
|
||||
|
||||
- vars:
|
||||
# ARI and profiles have been added in https://github.com/ansible/ansible/pull/TODO
|
||||
# See also https://github.com/ansible/acme-test-container/pull/25
|
||||
supports_ari: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
supports_profile: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
|
||||
acme_certificate_profile: "{{ 'default' if supports_profile else omit }}"
|
||||
|
||||
acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
|
||||
block:
|
||||
|
||||
- block:
|
||||
- name: Running tests with OpenSSL backend
|
||||
include_tasks: impl.yml
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
- cert_1_renewal_11.cert_id is not defined
|
||||
- cert_1_renewal_11.exists == true
|
||||
- cert_1_renewal_11.parsable == false
|
||||
when: not supports_ari
|
||||
when: not acme_supports_ari
|
||||
|
||||
- name: Validate results without ARI
|
||||
assert:
|
||||
|
@ -81,24 +81,24 @@
|
|||
- cert_1_renewal_6.msg.startswith("The remaining percentage 3.0% of the certificate's lifespan was reached on ")
|
||||
- cert_1_renewal_6.supports_ari == false
|
||||
- cert_1_renewal_7.supports_ari == false
|
||||
when: not supports_ari
|
||||
when: not acme_supports_ari
|
||||
|
||||
- name: Validate results with ARI
|
||||
assert:
|
||||
that:
|
||||
- cert_1_renewal_1.supports_ari == supports_ari
|
||||
- cert_1_renewal_2.supports_ari == supports_ari
|
||||
- cert_1_renewal_1.supports_ari == true
|
||||
- cert_1_renewal_2.supports_ari == true
|
||||
- cert_1_renewal_3.should_renew == true
|
||||
- cert_1_renewal_3.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_3.supports_ari == supports_ari
|
||||
- cert_1_renewal_3.supports_ari == true
|
||||
- cert_1_renewal_4.should_renew == true
|
||||
- cert_1_renewal_4.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_4.supports_ari == supports_ari
|
||||
- cert_1_renewal_4.supports_ari == true
|
||||
- cert_1_renewal_5.should_renew == true
|
||||
- cert_1_renewal_5.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_5.supports_ari == supports_ari
|
||||
- cert_1_renewal_5.supports_ari == true
|
||||
- cert_1_renewal_6.should_renew == true
|
||||
- cert_1_renewal_6.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_6.supports_ari == supports_ari
|
||||
- cert_1_renewal_6.supports_ari == true
|
||||
- cert_1_renewal_7.supports_ari == false
|
||||
when: supports_ari
|
||||
when: acme_supports_ari
|
||||
|
|
|
@ -87,7 +87,7 @@
|
|||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_1_revoke
|
||||
|
@ -98,7 +98,7 @@
|
|||
private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-2.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_2_revoke
|
||||
|
@ -112,7 +112,7 @@
|
|||
account_key_content: "{{ slurp_account_key.content | b64decode }}"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_3_revoke
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
- name: Get directory
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
method: directory-only
|
||||
|
@ -34,7 +34,7 @@
|
|||
|
||||
- name: Create an account
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -49,7 +49,7 @@
|
|||
|
||||
- name: Get account information
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -62,7 +62,7 @@
|
|||
|
||||
- name: Update account contacts
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -82,7 +82,7 @@
|
|||
|
||||
- name: Create certificate order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -106,7 +106,7 @@
|
|||
|
||||
- name: Get order information
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -119,7 +119,7 @@
|
|||
|
||||
- name: Get authzs for order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -133,7 +133,7 @@
|
|||
|
||||
- name: Get HTTP-01 challenge for authz
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -147,7 +147,7 @@
|
|||
|
||||
- name: Activate HTTP-01 challenge manually
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
@ -162,7 +162,7 @@
|
|||
|
||||
- name: Get HTTP-01 challenge results
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
|
|
@ -8,5 +8,20 @@
|
|||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- debug:
|
||||
msg: "ACME test container IP is {{ acme_host }}; OpenSSL version is {{ openssl_version.stdout }}; cryptography version is {{ cryptography_version.stdout }}"
|
||||
- name: Set ACME server information
|
||||
set_fact:
|
||||
# ARI and profiles have been added in https://github.com/ansible/ansible/pull/84547
|
||||
# See also https://github.com/ansible/acme-test-container/pull/25
|
||||
acme_supports_ari: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
acme_supports_profiles: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
acme_directory_url: "https://{{ acme_host }}:14000/dir"
|
||||
|
||||
- name: Print ACME server information
|
||||
debug:
|
||||
msg: |-
|
||||
ACME test container IP is {{ acme_host }}
|
||||
ACME directory: {{ acme_directory_url }}
|
||||
ACME server supports ARI: {{ acme_supports_ari }}
|
||||
ACME server supports profiles: {{ acme_supports_profiles }}
|
||||
OpenSSL version is {{ openssl_version.stdout }}
|
||||
cryptography version is {{ cryptography_version.stdout }}
|
||||
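Review bot: `acme_supports_ari` and `acme_supports_profiles` in the new `set_fact` are both computed from `ansible_version.full`, so they describe the controller's ansible-core version rather than anything the ACME test server at `acme_directory_url` reports. The two comments above them only link the PRs and do not say why that version is a valid proxy. Presumably ansible-core 2.19 is the first release whose ansible-test starts a test container with ARI and profile support; if so, state it, for example `# ansible-test in ansible-core >= 2.19 starts an ACME test container with ARI and profile support`. If the container image and the ansible-core version ever diverge, the assertions gated on these facts would be skipped or fail for a reason unrelated to the modules under test. The task file continues outside this hunk.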
|
|
|
@ -32,7 +32,7 @@
|
|||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
|
||||
account_key_content: "{{ account_key_content | default(omit) }}"
|
||||
|
@ -50,6 +50,7 @@
|
|||
terms_agreed: "{{ terms_agreed }}"
|
||||
account_email: "{{ account_email }}"
|
||||
profile: "{{ acme_certificate_profile | default(omit) }}"
|
||||
include_renewal_cert_id: "{{ acme_certificate_include_renewal_cert_id | default(omit) }}"
|
||||
register: challenge_data
|
||||
- name: ({{ certgen_title }}) Print challenge data
|
||||
debug:
|
||||
|
@ -111,7 +112,7 @@
|
|||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
|
||||
account_key_content: "{{ account_key_content | default(omit) }}"
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
csr_path: '{{ remote_tmp_dir }}/cert-1.csr'
|
||||
acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
|
||||
acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
environment:
|
||||
PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
|
||||
|
||||
|
@ -56,7 +56,7 @@
|
|||
csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
|
||||
acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
|
||||
acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
environment:
|
||||
PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
|
||||
|
||||
|
|