x509/certificates: generic config handling

2 files changed, 6 insertions, 0 deletions

diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index 0eb67b42..834e1e10 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -34,6 +34,10 @@
 #     variant: legacy
 #     hsts: false
 #     certificate_provider: acmetool
+#     certificate_config:
+#       request:
+#         challenge:
+#           http-self-test: false
 #   hostnames:
 #   - static.example.com
 #   extra_directives: |-
diff --git a/roles/nginx/vhost/tasks/main.yml b/roles/nginx/vhost/tasks/main.yml
index 2c1f0f29..5468bcc6 100644
--- a/roles/nginx/vhost/tasks/main.yml
+++ b/roles/nginx/vhost/tasks/main.yml
@@ -4,6 +4,7 @@
   vars:
     x509_certificate_name: "{{ nginx_vhost.name }}"
     x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
+    x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
     x509_certificate_reload_services:
     - nginx
   include_role:
@@ -43,6 +44,7 @@
     vars:
       x509_certificate_name: "{{ nginx_vhost.name }}"
       x509_certificate_hostnames: "{{ nginx_vhost.hostnames }}"
+      x509_certificate_config: "{{ nginx_vhost.tls.certificate_config | default({}) }}"
       x509_certificate_reload_services:
       - nginx
     include_role: