Open ScuttleSE opened 7 years ago
You could make a list of lists and have the role go through that in a loop.
But if you're going through the trouble of wanting to keep domains separate, I would set letsencrypt_domains at the inventory/playbook level for each domain.
Ah, well, the thing is that I have one nginx-server that acts as a reverse proxy for several applications behind that, so I serve about half a dozen or so different domains from one nginx-server.
Just doing separate lines in the playbook works, but something neater would be nice :)
You could make a list of lists and have the role go through that in a loop.
Hm, so something like this in the playbook would work?
```yaml
letsencrypt_domains:
  - [ example.com ]
  - [ example2.com ]
  - [ example3.com ]
```
I have the same setup as you.
What I did was configure nginx to use the same certificate for each of those sites (my nginx role lets you override the certificate name).
Would that work for you instead of going down the route of separate LE runs?
Well, yeah, that would work, but wouldn't that mean that if you look at the cert for example.com, you can see that it is also valid for example2.com, example3.com etc?
Yes, if someone inspected your certificate you would see each domain.
Mm...that's something I would like to avoid, but just running the role multiple times isn't a real problem, so I'll stick with that for now :)
This setup works just fine fyi
```yaml
- hosts: proxy_server
  roles:
    - role: nginx-letsencrypt
      letsencrypt_domains: [example.org, www.example.org]
    - role: nginx-letsencrypt
      letsencrypt_domains: [example.se, www.example.se]
```
If I understand this role, if I have multiple domains in letsencrypt_domains, i.e.
```yaml
letsencrypt_domains: [ example.com, example2.com ]
```
It will create one cert that is valid for both domains. Is there an easy way to instead create separate certs for each domain, besides running the role multiple times and setting letsencrypt_domains in the playbook?
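
The loop suggested in the thread can be written with `include_role`, so the role runs once per group of names and each group gets its own certificate. This is an added example, not code from the thread or from the role's documentation. The variable `cert_groups`, the loop variable `cert_group` and the certificate path (certbot's default layout, named after the first domain) are assumptions. The last two tasks use `community.crypto.x509_certificate_info` to confirm that no certificate lists names from another group.

```yaml
- hosts: proxy_server
  vars:
    # Hypothetical variable (not part of the role): one inner list per certificate.
    cert_groups:
      - [example.org, www.example.org]
      - [example.se, www.example.se]
  tasks:
    - name: Run the role once per group so each group gets its own certificate
      ansible.builtin.include_role:
        name: nginx-letsencrypt
      vars:
        letsencrypt_domains: "{{ cert_group }}"
      loop: "{{ cert_groups }}"   # loop (unlike with_items) does not flatten nested lists
      loop_control:
        loop_var: cert_group      # avoids clashing with any `item` loop inside the role

    - name: Read the SAN list of each issued certificate
      community.crypto.x509_certificate_info:
        # Assumption: certbot's default layout, directory named after the first
        # domain of the group. Change this to wherever the role writes the cert.
        path: "/etc/letsencrypt/live/{{ item.0 }}/cert.pem"
      loop: "{{ cert_groups }}"
      register: cert_info

    - name: Fail if a certificate names anything outside its own group
      ansible.builtin.assert:
        that:
          - >-
            (item.subject_alt_name | map('regex_replace', '^DNS:', '') | sort)
            == (item.item | sort)
        fail_msg: "Unexpected SAN set: {{ item.subject_alt_name }}"
      loop: "{{ cert_info.results }}"
      loop_control:
        label: "{{ item.item.0 }}"
```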