Diffstat (limited to 'test/integration/targets/setup_acme/tasks/obtain-cert.yml')
-rw-r--r-- | test/integration/targets/setup_acme/tasks/obtain-cert.yml | 140 |
1 files changed, 0 insertions, 140 deletions
diff --git a/test/integration/targets/setup_acme/tasks/obtain-cert.yml b/test/integration/targets/setup_acme/tasks/obtain-cert.yml
deleted file mode 100644
index 98f5f80440..0000000000
--- a/test/integration/targets/setup_acme/tasks/obtain-cert.yml
+++ /dev/null
@@ -1,140 +0,0 @@
----
-## PRIVATE KEY ################################################################################
-- name: ({{ certgen_title }}) Create cert private key (RSA)
- command: "openssl genrsa -out {{ output_dir }}/{{ certificate_name }}.key {{ rsa_bits if key_type == 'rsa' else 2048 }}"
- when: "key_type == 'rsa'"
-- name: ({{ certgen_title }}) Create cert private key (ECC 256)
- command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/{{ certificate_name }}.key
- when: "key_type == 'ec256'"
-- name: ({{ certgen_title }}) Create cert private key (ECC 384)
- command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/{{ certificate_name }}.key
- when: "key_type == 'ec384'"
-- name: ({{ certgen_title }}) Create cert private key (ECC 512)
- command: openssl ecparam -name secp521r1 -genkey -out {{ output_dir }}/{{ certificate_name }}.key
- when: "key_type == 'ec521'"
-## CSR ########################################################################################
-- name: ({{ certgen_title }}) Create cert CSR
- openssl_csr:
- path: "{{ output_dir }}/{{ certificate_name }}.csr"
- privatekey_path: "{{ output_dir }}/{{ certificate_name }}.key"
- subject_alt_name: "{{ subject_alt_name }}"
- subject_alt_name_critical: "{{ subject_alt_name_critical }}"
-## ACME STEP 1 ################################################################################
-- name: ({{ certgen_title }}) Obtain cert, step 1
- acme_certificate:
- select_crypto_backend: "{{ select_crypto_backend }}"
- acme_version: 2
- acme_directory: https://{{ acme_host }}:14000/dir
- validate_certs: no
- account_key: "{{ (output_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
- account_key_content: "{{ account_key_content | default(omit) }}"
- modify_account: "{{ modify_account }}"
- csr: "{{ output_dir }}/{{ certificate_name }}.csr"
- dest: "{{ output_dir }}/{{ certificate_name }}.pem"
- fullchain_dest: "{{ output_dir }}/{{ certificate_name }}-fullchain.pem"
- chain_dest: "{{ output_dir }}/{{ certificate_name }}-chain.pem"
- challenge: "{{ challenge }}"
- deactivate_authzs: "{{ deactivate_authzs }}"
- force: "{{ force }}"
- remaining_days: "{{ remaining_days }}"
- terms_agreed: "{{ terms_agreed }}"
- account_email: "{{ account_email }}"
- register: challenge_data
-- name: ({{ certgen_title }}) Print challenge data
- debug:
- var: challenge_data
-- name: ({{ certgen_title }}) Create HTTP challenges
- uri:
- url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
- method: PUT
- body_format: raw
- body: "{{ item.value['http-01'].resource_value }}"
- headers:
- content-type: "application/octet-stream"
- with_dict: "{{ challenge_data.challenge_data }}"
- when: "challenge_data is changed and challenge == 'http-01'"
-- name: ({{ certgen_title }}) Create DNS challenges
- uri:
- url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"
- method: PUT
- body_format: json
- body: "{{ item.value }}"
- with_dict: "{{ challenge_data.challenge_data_dns }}"
- when: "challenge_data is changed and challenge == 'dns-01'"
-- name: ({{ certgen_title }}) Create TLS ALPN challenges (acm_challenge_cert_helper)
- acme_challenge_cert_helper:
- challenge: tls-alpn-01
- challenge_data: "{{ item.value['tls-alpn-01'] }}"
- private_key_src: "{{ output_dir }}/{{ certificate_name }}.key"
- with_dict: "{{ challenge_data.challenge_data }}"
- register: tls_alpn_challenges
- when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
-- name: ({{ certgen_title }}) Set TLS ALPN challenges (acm_challenge_cert_helper)
- uri:
- url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/{{ item.identifier }}/certificate-and-key"
- method: PUT
- body_format: raw
- body: "{{ item.challenge_certificate }}\n{{ lookup('file', output_dir ~ '/' ~ certificate_name ~ '.key') }}"
- headers:
- content-type: "application/pem-certificate-chain"
- with_items: "{{ tls_alpn_challenges.results }}"
- when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
-- name: ({{ certgen_title }}) Create TLS ALPN challenges (der-value-b64)
- uri:
- url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/{{ item.value['tls-alpn-01'].resource_original }}/der-value-b64"
- method: PUT
- body_format: raw
- body: "{{ item.value['tls-alpn-01'].resource_value }}"
- headers:
- content-type: "application/octet-stream"
- with_dict: "{{ challenge_data.challenge_data }}"
- when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is not defined or challenge_alpn_tls == 'der-value-b64')"
-## ACME STEP 2 ################################################################################
-- name: ({{ certgen_title }}) Obtain cert, step 2
- acme_certificate:
- select_crypto_backend: "{{ select_crypto_backend }}"
- acme_version: 2
- acme_directory: https://{{ acme_host }}:14000/dir
- validate_certs: no
- account_key: "{{ (output_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
- account_key_content: "{{ account_key_content | default(omit) }}"
- account_uri: "{{ challenge_data.account_uri }}"
- modify_account: "{{ modify_account }}"
- csr: "{{ output_dir }}/{{ certificate_name }}.csr"
- dest: "{{ output_dir }}/{{ certificate_name }}.pem"
- fullchain_dest: "{{ output_dir }}/{{ certificate_name }}-fullchain.pem"
- chain_dest: "{{ output_dir }}/{{ certificate_name }}-chain.pem"
- challenge: "{{ challenge }}"
- deactivate_authzs: "{{ deactivate_authzs }}"
- force: "{{ force }}"
- remaining_days: "{{ remaining_days }}"
- terms_agreed: "{{ terms_agreed }}"
- account_email: "{{ account_email }}"
- data: "{{ challenge_data }}"
- retrieve_all_alternates: "{{ retrieve_all_alternates | default(omit) }}"
- select_chain: "{{ select_chain | default(omit) if select_crypto_backend == 'cryptography' else omit }}"
- register: certificate_obtain_result
- when: challenge_data is changed
-- name: ({{ certgen_title }}) Deleting HTTP challenges
- uri:
- url: "http://{{ acme_host }}:5000/http/{{ item.key }}/{{ item.value['http-01'].resource[('.well-known/acme-challenge/'|length):] }}"
- method: DELETE
- with_dict: "{{ challenge_data.challenge_data }}"
- when: "challenge_data is changed and challenge == 'http-01'"
-- name: ({{ certgen_title }}) Deleting DNS challenges
- uri:
- url: "http://{{ acme_host }}:5000/dns/{{ item.key }}"
- method: DELETE
- with_dict: "{{ challenge_data.challenge_data_dns }}"
- when: "challenge_data is changed and challenge == 'dns-01'"
-- name: ({{ certgen_title }}) Deleting TLS ALPN challenges
- uri:
- url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}"
- method: DELETE
- with_dict: "{{ challenge_data.challenge_data }}"
- when: "challenge_data is changed and challenge == 'tls-alpn-01'"
-- name: ({{ certgen_title }}) Get root certificate
- get_url:
- url: "http://{{ acme_host }}:5000/root-certificate-for-ca/{{ acme_expected_root_number | default(0) if select_crypto_backend == 'cryptography' else 0 }}"
- dest: "{{ output_dir }}/{{ certificate_name }}-root.pem"
-###############################################################################################
|