geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License
780 stars 346 forks

Add "--expand" option for Certbot #180

Closed amotl closed 1 year ago

amotl commented 2 years ago

Dear Jeff,

thank you again for sharing one of your excellent projects with the Ansible community in the form of this role.

Because we want to aim at maximum DWIM by implementing our systems automation infrastructure with Ansible, we are in dire need of support for the --expand option of Certbot, using its webroot method. So, we picked up the contribution #117 by @ymarkus (thanks a stack!), wrapped it up and added corresponding support for webroot.

After that, expanding the list of certbot_certs.domains by another item and re-running the corresponding playbook immediately resolved the problem for us, where, beforehand, another subdomain was added to the list and the recipe was not able to pick up the change, without reporting back any kind of error.

We hope you will like the patch. Thank you for taking the time to look into this.

With kind regards, Andreas.

/cc @w0rldart

P.S.: This patch has already been submitted with #171, but it was closed by stale bot and I wasn't able to discover how to reopen it.


Others also needing this: In order to install the improvements in this branch into your Ansible environment, you might either want to invoke

ansible-galaxy install git+https://github.com/cicerops/ansible-role-certbot.git,expand

or add this to your requirements.yaml file:

roles:
  - name: geerlingguy.certbot
    src: git+https://github.com/cicerops/ansible-role-certbot
    version: expand

stale[bot] commented 1 year ago

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

w0rldart commented 1 year ago

Another stale PR bites the dust. @geerlingguy are you still alive?

stale[bot] commented 1 year ago

This issue is no longer marked for closure.

geerlingguy commented 1 year ago

It looks like this PR adds two things, though—first, a difference in how it checks what certificates are present, and second the --expand option. Is it safe to always have the --expand option present like this?

w0rldart commented 1 year ago

This is what I get from the documentation


--expand tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains. With the --expand option, use the -d option to specify all existing domains and one or more new domains.

                        If an existing certificate is a strict subset of the
                        requested names, always expand and replace it with the
                        additional names. (default: Ask)
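
The strict-subset rule in the documentation quoted above, and the silent drift described in the PR description, as an added example that is not part of this thread or of the role's code: it parses a constructed sample of `certbot certificates` output and classifies each configured domain list against the certificate already on disk. The function names and the assumption that a certificate is named after the first domain in its list are assumptions of this example.

```python
import re

# Constructed sample of `certbot certificates` output (not taken from the thread).
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: example.org
    Domains: example.org www.example.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
  Certificate Name: api.example.org
    Domains: api.example.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
"""

def normalize(domains):
    """Compare names case-insensitively and without a trailing dot."""
    return {d.lower().rstrip(".") for d in domains}

def parse_lineages(text):
    """Map each certificate name to the set of domains it currently covers."""
    lineages, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if name:
            current = name.group(1)
            lineages[current] = set()
            continue
        domains = re.match(r"\s*Domains:\s*(.+)", line)
        if domains and current:
            lineages[current] = normalize(domains.group(1).split())
    return lineages

def classify(existing, requested):
    """Return the state of one certificate relative to the requested names."""
    requested = normalize(requested)
    if existing is None:
        return "missing"      # no certificate yet: a fresh issuance
    if existing == requested:
        return "in_sync"      # nothing to do
    if existing < requested:
        return "expand"       # strict subset: the case --expand covers
    return "mismatch"         # names were removed or replaced: review by hand

def audit(text, desired):
    """desired: list of domain lists; the first domain is assumed to be the cert name."""
    lineages = parse_lineages(text)
    return {d[0]: classify(lineages.get(d[0]), d) for d in desired}
```

Any result other than `in_sync` is drift between the configured list and the certificate being served, which is the condition the playbook run described in the PR left unreported.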

stale[bot] commented 1 year ago

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

stale[bot] commented 1 year ago

This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.