a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for adding the intermediate cert (#35144) 

acme-tiny generate certificate without adding add the LE intermediate
certificate, which make several browsers and curl complain.
pull/4420/head
Michael Scherer 2018-01-21 21:39:22 +01:00 committed by ansibot
parent bff862b05d
commit 8071cc0529
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/ansible/modules/crypto/openssl_certificate.py
View File

@ -102,6 +102,12 @@ options:
description: description:
- Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/) - Path to the ACME challenge directory that is served on U(http://<HOST>:80/.well-known/acme-challenge/)
acme_chain:
default: True
description:
- Include the intermediate certificate to the generated certificate
version_added: "2.5"
signature_algorithms: signature_algorithms:
description: description:
- list of algorithms that you would accept the certificate to be signed with - list of algorithms that you would accept the certificate to be signed with
@ -723,6 +729,7 @@ class AcmeCertificate(Certificate):
super(AcmeCertificate, self).__init__(module) super(AcmeCertificate, self).__init__(module)
self.accountkey_path = module.params['acme_accountkey_path'] self.accountkey_path = module.params['acme_accountkey_path']
self.challenge_path = module.params['acme_challenge_path'] self.challenge_path = module.params['acme_challenge_path']
self.use_chain = module.params['acme_chain']
def generate(self, module): def generate(self, module):
@ -748,10 +755,13 @@ class AcmeCertificate(Certificate):
if not self.check(module, perms_required=False) or self.force: if not self.check(module, perms_required=False) or self.force:
acme_tiny_path = self.module.get_bin_path('acme-tiny', required=True) acme_tiny_path = self.module.get_bin_path('acme-tiny', required=True)
chain = ''
if self.use_chain:
chain = '--chain'
try: try:
crt = module.run_command("%s --account-key %s --csr %s" crt = module.run_command("%s %s --account-key %s --csr %s"
"--acme-dir %s" % (acme_tiny_path, "--acme-dir %s" % (acme_tiny_path, chain,
self.accountkey_path, self.accountkey_path,
self.csr_path, self.csr_path,
self.challenge_path), self.challenge_path),
@ -818,6 +828,7 @@ def main():
# provider: acme # provider: acme
acme_accountkey_path=dict(type='path'), acme_accountkey_path=dict(type='path'),
acme_challenge_path=dict(type='path'), acme_challenge_path=dict(type='path'),
acme_chain=dict(type='bool', default=True),
), ),
supports_check_mode=True, supports_check_mode=True,
add_file_common_args=True, add_file_common_args=True,