Closed jmeldrum76 closed 3 years ago
@jmeldrum76 I think what you've described here is the desired behavior. We only want to renew certificates when they need to be (i.e. they're close to expiring). That said, I'm not sure we have implemented the renewal functionality for this project since we've not had any requests for it until now.
@jmeldrum76 We have now implemented the renewal functionality I mentioned in my previous comment (https://github.com/Venafi/ansible-role-venafi/pull/19). By default certificates will be renewed if they are within 72 hours of expiration. You can override the default using the before_expired_hours role parameter and also prevent renewal from happening by setting the renew role parameter to false. Please confirm this result when you have a chance to test again.
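The renewal rule described in the comment above, as an added example that is not the role's own code: it takes the notAfter= line printed by `openssl x509 -noout -enddate` and applies the 72-hour default, the before_expired_hours override and the renew switch. The function names, the "enroll" outcome for a missing certificate and the sample dates are assumptions made for illustration.

```python
import ssl
from typing import Optional


def hours_until_expiry(enddate_line: str, now: float) -> float:
    """Parse 'notAfter=Jan  3 00:00:00 2025 GMT' and return hours left (negative if expired)."""
    _, _, timestamp = enddate_line.strip().partition("=")
    if not timestamp:
        raise ValueError("expected a 'notAfter=<date> GMT' line")
    # ssl.cert_time_to_seconds understands the date format OpenSSL prints.
    return (ssl.cert_time_to_seconds(timestamp) - now) / 3600.0


def renewal_decision(enddate_line: Optional[str], now: float,
                     renew: bool = True, before_expired_hours: int = 72) -> str:
    """Return 'enroll', 'renew' or 'keep' for one certificate path."""
    if enddate_line is None:
        # Assumption: no certificate in the destination directory means a fresh enrollment.
        return "enroll"
    if not renew:
        # renew=false prevents renewal, as stated in the comment above.
        return "keep"
    if hours_until_expiry(enddate_line, now) <= before_expired_hours:
        return "renew"
    return "keep"


if __name__ == "__main__":
    # Constructed sample data: a fixed "current time" and three certificate end dates.
    now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
    samples = {
        "expires in 48h": "notAfter=Jan  3 00:00:00 2025 GMT",
        "expires in 59d": "notAfter=Mar  1 00:00:00 2025 GMT",
        "already expired": "notAfter=Dec 31 00:00:00 2024 GMT",
        "no file on disk": None,
    }
    for label, line in samples.items():
        print(f"{label:16} -> {renewal_decision(line, now)}")
```

A certificate that already exists in the destination directory and has more than before_expired_hours left comes out as "keep", which matches the behaviour reported in this issue.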
PROBLEM SUMMARY
Unable to renew a certificate if the certificate exists in the destination directory

STEPS TO REPRODUCE
user: 'myuser'
password: 'mypassword'
url: 'https://venafi_server/vedsdk/'
zone: "Demo\\APIs\\Ansible"
trust_bundle: "/home/venafilab/ansible/venafilab_trust_bundle.pem"
certificate_common_name: "{{ ansible_fqdn }}.alex-test.venafi.com"
certificate_common_name: "testcert2.se.venafi.com"
certificate_cert_dir: "/tmp/etc/ssl/{{ certificate_common_name }}"