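---
# Certbot SSL certificate setup tasks
#
# Obtains a Let's Encrypt certificate for trillium_domain with certbot's
# standalone authenticator and installs a cron-based renewal job. The
# standalone authenticator needs to bind port 80 itself, so Nginx is stopped
# for the duration of every certificate request (initial issue and renewals).
#
# Required variables: ssl_email, trillium_domain.

- name: Install Certbot and Nginx plugin
  apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: present
    update_cache: true  # canonical boolean instead of the YAML 1.1 'yes'

- name: Create web root directory
  file:
    path: /var/www/html
    state: directory
    mode: '0755'

- name: Create initial web page for ACME challenge
  copy:
    content: |
      ACME Challenge

      ACME Challenge Page

      This page is used for SSL certificate validation.
    dest: /var/www/html/index.html
    mode: '0644'

# Nginx is stopped so that certbot's standalone listener can bind port 80.
# The 'always' section brings Nginx back even when the certificate request
# fails, so a failed run does not leave the site down.
- name: Obtain SSL certificate with Nginx stopped
  block:
    - name: Stop Nginx temporarily for initial certificate request
      systemd:
        name: nginx
        state: stopped

    - name: Obtain SSL certificate using standalone mode
      # 'quote' keeps each variable a single argv token even if it contains
      # whitespace or shell-special characters; the command module splits on
      # shlex rules, so the quoting is honoured without invoking a shell.
      command: >
        certbot certonly --standalone --non-interactive --agree-tos
        --email {{ ssl_email | quote }}
        --domains {{ trillium_domain | quote }}
      register: certbot_result
      changed_when: certbot_result.rc == 0
      # A non-zero exit is tolerated only when certbot reports the certificate
      # already exists; any other failure aborts the play.
      failed_when: certbot_result.rc != 0 and "already exists" not in certbot_result.stderr
  always:
    - name: Start Nginx service
      systemd:
        name: nginx
        state: started

- name: Setup automatic certificate renewal
  cron:
    name: "Certbot renewal"
    # The certificate was issued with the standalone authenticator, so renewal
    # also needs port 80 free: stop Nginx in the pre-hook and start it again in
    # the post-hook (a reload would not work against a stopped service). Hooks
    # run only when a certificate is actually due for renewal.
    # NOTE(review): the distro certbot package may ship its own renew timer as
    # well; confirm it is disabled or carries the same hooks, otherwise it will
    # fail on the occupied port.
    job: "/usr/bin/certbot renew --quiet --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx'"
    minute: "0"
    hour: "2"
    user: root

- name: Test certificate renewal
  # Same hooks as the cron job so the dry run exercises the real renewal path
  # (standalone needs port 80, which Nginx holds while running).
  command: >
    certbot renew --dry-run
    --pre-hook 'systemctl stop nginx'
    --post-hook 'systemctl start nginx'
  register: certbot_test
  changed_when: false

- name: Display certificate renewal test result
  debug:
    msg: "{{ certbot_test.stdout }}"

- name: Verify SSL certificate exists
  stat:
    path: "/etc/letsencrypt/live/{{ trillium_domain }}/fullchain.pem"
  register: ssl_cert

- name: Display SSL certificate status
  debug:
    msg: "SSL certificate for {{ trillium_domain }}: {{ 'exists' if ssl_cert.stat.exists else 'not found' }}"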