Diffstat (limited to 'roles/x509/ownca/cert/prepare/tasks/main.yml')
-rw-r--r--roles/x509/ownca/cert/prepare/tasks/main.yml15
1 files changed, 15 insertions, 0 deletions
diff --git a/roles/x509/ownca/cert/prepare/tasks/main.yml b/roles/x509/ownca/cert/prepare/tasks/main.yml
index dc8b68a6..7f81d125 100644
--- a/roles/x509/ownca/cert/prepare/tasks/main.yml
+++ b/roles/x509/ownca/cert/prepare/tasks/main.yml
@@ -21,6 +21,7 @@
type: "{{ ownca_cert_config.key.type | default(omit) }}"
size: "{{ ownca_cert_config.key.size | default(omit) }}"
notify: reload services for x509 certificates
+ register: _ownca_key_
- name: generate csr for ownca certificate
community.crypto.openssl_csr:
@@ -75,6 +76,7 @@
ownca_not_after: "{{ ownca_cert_config.cert.not_after | default(omit) }}"
force: "{{ _ownca_cert_file_.stat.exists and (not _ownca_cert_info_.valid_at.renew_margin) }}"
notify: reload services for x509 certificates
+ register: _ownca_cert_
- name: export paths to certificate files
set_fact:
@@ -82,3 +84,16 @@
x509_certificate_path_cert: "{{ ownca_cert_path }}/{{ ownca_cert_name }}-crt.pem"
x509_certificate_path_chain: ""
x509_certificate_path_fullchain: "{{ ownca_cert_path }}/{{ ownca_cert_name }}-crt.pem"
+
+- name: generate custom post-renewal script
+ when: x509_certificate_renewal is defined
+ template:
+ src: updated.sh.j2
+ dest: "{{ ownca_cert_path }}/updated.sh"
+ mode: 0755
+
+- name: call custom post-renewal script
+ when:
+ - x509_certificate_renewal is defined
+ - (_ownca_key_ is changed) or (_ownca_cert_ is changed)
+ command: "{{ ownca_cert_path }}/updated.sh"
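Review bot: The `generate custom post-renewal script` task installs an executable into `{{ ownca_cert_path }}` without setting `owner` or `group`, and the following task runs it with whatever privileges the play has. Anyone able to write to that directory or file could therefore change what runs at the next renewal; the directory's permissions are not visible in this diff, so that needs confirming. I would pin ownership and quote the mode, for example `owner: root`, `group: root`, `mode: "0755"` (root is an assumption about who runs this role). The contents of `updated.sh.j2` are also outside this diff; if it interpolates values from `x509_certificate_renewal` into shell, they need quoting in the template.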