Open blaisep-sureify opened 2 years ago
... should I avoid the "managed" option and use "standalone" instead ?
Morning! Replying from a camp-site.
By default you will be using apache
for the certbot_system
. This means you end up with this task:
- name: get and install certificates (Managed)
ansible.builtin.command:
cmd: |
certbot --noninteractive
--{{ certbot_system }}
--domain {{ certbot_domains | join(',') }}
--agree-tos
--email {{ certbot_email }}
--no-redirect
creates: /etc/letsencrypt/accounts
when:
- certbot_ci_mode is not defined
- certbot_system != "standalone"
If a cmd
fails (exitstatus != 0) the task will fail.
In your case, I'm seeing ok
everywhere. Because creates: /etc/letsencrypt/accounts
is set to the task, the task will simply return ok
when /etc/letsencrypt/accounts
exists. It would be nicer to assume the task is done on some other file, but I can't figure out what file.
Proposed feature
What would be a good signal that the certificate was obtained? For example,
cerbot
CLI will end with:At the end of my play, I don't really know if I have a cert. The steps complete, but looking at the recap, it's not clear if any useful changes happened.
Rationale
For example, even though this task completes, I don't actually have a cert and I don't get an error message:
Additional context
Add any other context about the feature request here.
Please consider sponsoring me.