Initial commit

roles/create_www_cert/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Install www directory
+  ansible.builtin.file:
+    path: /etc/pki/www.konchin.com
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+- name: Create private key for www
+  community.crypto.openssl_privatekey:
+    path: /etc/pki/www.konchin.com/cert.key
+
+- name: Create CSR for www
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: /etc/pki/www.konchin.com/cert.key
+    subject_alt_name:
+      - 'DNS:www.konchin.com'
+      - 'DNS:*.konchin.com'
+  register: csr
+
+- name: Sign with root ca
+  community.crypto.x509_certificate:
+    path: /etc/pki/www.konchin.com/cert.pem
+    csr_content: "{{ csr.csr }}"
+    provider: ownca
+    ownca_path: /etc/pki/konchin.com/rootca.pem
+    ownca_privatekey_path: /etc/pki/konchin.com/rootca.key
+    ownca_privatekey_passphrase: "{{ secret_ca_passphrase }}"
+    ownca_not_after: +365d  # valid for one year
+    ownca_not_before: "-1d"  # valid since yesterday