Skip to content

Normalize SSL providers #896

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Normalize SSL providers #896

wants to merge 2 commits into from

Conversation

tangrufus
Copy link
Member

Normalize SSL providers manual and self-signed

  • Putting Nginx SSL configs in {{ nginx_path }}/includes.d/{{ item.key }}/ssl

  • Putting certificates in {{ nginx_ssl_path }}/manual-certificates or {{ nginx_ssl_path }}/self-signed-certificates

Add Certbot

This is actually a failed attempt to replace letsencrypt with Certbot. I can't get multiple-servers implemented using Certbot. Help wanted!

See: #893

@tangrufus
Copy link
Member Author

tangrufus commented Sep 21, 2017
edited
Loading

Besides, Certbot doesn't:

@swalkinshaw
Copy link
Member

There's also two built-in Ansible modules which we could look into:

@tangrufus
Copy link
Member Author

The openssl_certificate_module requires ansiable 2.4. Is #895 going to be merged soon?

The letsencrypt_module requires us to change Nginx back and forth for acme challenge. Certbot handles it for us. I think Certbot simplifies everything.

@swalkinshaw
Copy link
Member

If openssl_certificate actually helps/is simpler then we have no problem requiring 2.4 asap.

Our current LE implementation is a little convoluted so I'm open to any solution which simplifies it. Although I do think we have some more unique requirements with it.

@tangrufus
Copy link
Member Author

openssl_certificate looks nice. Updated self-signed-certificate to use it.

Removed Certbot because:

Rebased upon d96a58f. Actual changes here: ansible-2.4...TangRufus:ssl-providers

@tangrufus tangrufus changed the title Normalize SSL providers and add Certbot Normalize SSL providers Sep 21, 2017
@tangrufus tangrufus mentioned this pull request Sep 22, 2017
Open
@swalkinshaw swalkinshaw added this to the 1.0.0 milestone Sep 25, 2017
@swalkinshaw
Copy link
Member

@tangrufus can this get a rebase?

@tangrufus
Copy link
Member Author

Rebased. Note that I modified server.yml and dev.yml because ssl providers need to be tagged. Otherwise, wordpress-setup deletes their nginx config files.

@swalkinshaw
Copy link
Member

Tested and working great 👍

Only thing I ran into due to our current tags is if you want to enable SSL after, and only use a wordpress or wordpress-setup tag, Nginx will fail because dhparams weren't initially generated.

So if we want a common tag which would run all Nginx related tasks/roles, we might want to introduce a new one, or just apply wordpress-setup to nginx as well?

@tangrufus
Copy link
Member Author

I vote for applying wordpress-setup to nginx because this also helps when adding or removing sites, i.e.: Create Nginx available sites & Enable or disable Nginx sites tasks

@fullyint fullyint mentioned this pull request Mar 11, 2018
Closed
5 tasks
@tangrufus tangrufus mentioned this pull request Nov 18, 2018
Closed
@tangrufus tangrufus mentioned this pull request Feb 18, 2020
Closed
@swalkinshaw swalkinshaw mentioned this pull request Aug 29, 2021
Open
6 tasks
@swalkinshaw swalkinshaw closed this Dec 4, 2021
@swalkinshaw swalkinshaw mentioned this pull request Jul 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@tangrufus @swalkinshaw