ansible/roles/letsencrypt/tasks/main.yml in subspace-0.1.3 vs ansible/roles/letsencrypt/tasks/main.yml in subspace-0.2.1

- old
+ new

@@ -1,7 +1,8 @@ --- - name: Install certbot dependencies + become: true apt: pkg: "{{item}}" state: present with_items: - augeas-lenses 
@@ -17,77 +18,80 @@ - python-dev - python-setuptools - python-virtualenv - python2.7-dev + - name: "Create certbot dir" + become: true + file: + path: "{{certbot_dir}}" + state: directory + mode: 0750 + - name: Get certbot + become: true get_url: url: "https://dl.eff.org/certbot-auto" - dest: "{{certbot_dir}}" + dest: "{{certbot_dir}}/certbot-auto" mode: a+x - - name: Run certbot - command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --apache --agree-tos --non-interactive" + - name: Run default + become: true + command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --apache --agree-tos --expand --non-interactive" args: creates: /etc/letsencrypt/live/{{server_name}}/cert.pem - name: Enable mod_rewrite + become: true apache2_module: name: rewrite state: present - sudo: true + - name: Enable mod_ssl + become: true apache2_module: name: ssl state: present - sudo: true - name: Create SSL Apache config + become: true template: src: project-le-ssl.conf dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf - sudo: true notify: apache restart - name: Symlink {{project_name}}-le-ssl.conf to sites-enabled + become: true file: src: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf state: link - sudo: true notify: apache restart - - name: Force redirect to https (1/3) + - name: Force redirect to https (1/2) + become: true lineinfile: dest: /etc/apache2/sites-available/{{project_name}}.conf line: "RewriteEngine on" state: present insertbefore: "</VirtualHost>" - sudo: true notify: apache restart - - name: Force redirect to https (2/3) + - name: Force redirect to https (2/2) + become: true lineinfile: dest: /etc/apache2/sites-available/{{project_name}}.conf - line: "RewriteCond %{SERVER_NAME} ={{server_name}}" + line: "RewriteCond 
%{SERVER_NAME} ={{item}}\nRewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,NE,R=permanent]" state: present insertbefore: "</VirtualHost>" - sudo: true + with_items: "{{ ([server_name] + server_aliases) }}" notify: apache restart - - name: Force redirect to https (3/3) - lineinfile: - dest: /etc/apache2/sites-available/{{project_name}}.conf - line: "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" - state: present - insertbefore: "</VirtualHost>" - sudo: true - notify: apache restart - - name: Setup cron job to auto renew + become: true cron: name: Auto-renew SSL job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade" - minute: 30 - hour: "0,12" + hour: 0 + minute: 33 state: present
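Review bot: The `Get certbot` task now saves `{{certbot_dir}}/certbot-auto` as root and `Run default` executes it as root, but the `get_url` call has no `checksum`, so whatever `https://dl.eff.org/certbot-auto` serves at provisioning time runs with full privileges. Pin the script by adding `checksum: "sha256:<expected-sha256>"` to that task (placeholder; take the value from a copy you have verified), or install certbot from the distribution package instead. Separately, in `Force redirect to https (2/2)` the new `line` value contains `\n`; `lineinfile` compares `line` against single lines of the file, so the two-line value will most likely never match and the RewriteCond/RewriteRule pair would be appended again on every run, each time notifying `apache restart`. A `blockinfile` task with a per-item `marker` would keep the pair idempotent. Note also that the added `--expand` cannot take effect on an already provisioned host, because the unchanged `creates:` guard skips the command once `cert.pem` exists.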