Closed fredericmoulins closed 3 years ago
let's use only the acl module to set access rights on the letsencrypt directory structure, and avoid using chmod through the files module, which resets the acl rules configured by cert-perms (fixes the slapd not restarting on certificate renewal when running the playbook on an already deployed server);
As far as I am aware, I fixed this. I will need to see what improvements this patches does compared to the previous one
Quite a few things, mainly:
acl
module to set access rights on the letsencrypt directory structure, and avoid usingchmod
through thefiles
module, which resets the acl rules configured bycert-perms
(fixes the slapd not restarting on certificate renewal when running the playbook on an already deployed server);extra-certs
to usecertificates-all
;acme-challenge
location.Please see commit messages for further details.