-
Notifications
You must be signed in to change notification settings - Fork 0
/
letsencrypt_acme.yml
executable file
·26 lines (21 loc) · 1.24 KB
/
letsencrypt_acme.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
---
- name: Install ubnt-letsencrypt from https://github.com/j-c-m/ubnt-letsencrypt
get_url:
url: "https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh"
dest: "/config/ubnt_letsencrypt_install.sh"
owner: "root"
group: "root"
mode: "0755"
- name: execute downloaded script
command: bash /config/ubnt_letsencrypt_install.sh
- name: Setup static host mapping for FQDN to the LAN IP.
command: set system static-host-mapping host-name subdomain.example.com inet 192.168.1.1
- name: Configure cert-file location for gui.
command: set service gui cert-file /config/ssl/server.pem
command: set service gui ca-file /config/ssl/ca.pem
- name: Configure task scheduler to renew certificate automatically.
command: set system task-scheduler task renew.acme executable path /config/scripts/renew.acme.sh
command: set system task-scheduler task renew.acme interval 1d
command: set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com'
# You can include additional common names for your certificate, so long as they resolve to the same WAN address:
# command: set system task-scheduler task renew.acme executable arguments '-d subdomain.example.com -d subdomain2.example.com