---
# Variables for a certificate issued by a managed CA (going by the names).
# x509_certificate_hostnames and x509_certificate_config have no fallback
# here, so the caller has to define both.
managed_ca_cert_hostnames: "{{ x509_certificate_hostnames }}"
# Falls back to the first hostname when x509_certificate_name is not set.
# The example below uses this name as a path component, so it should stay a
# plain, file-name-safe value.
managed_ca_cert_name: "{{ x509_certificate_name | default(managed_ca_cert_hostnames[0]) }}"

managed_ca_cert_base_dir: "/etc/ssl"
# Presumably applied when the config sets no renew_margin - confirm in the
# tasks that read it.
managed_ca_cert_default_renew_margin: "+30d"

managed_ca_cert_config: "{{ x509_certificate_config }}"

# Example of the structure x509_certificate_config is expected to have.
# NOTE(review): the nesting was restored from the key/cert grouping of the
# keys - confirm against the tasks that consume this variable.
#
# managed_ca_cert_config:
#   path: "{{ managed_ca_cert_base_dir }}/{{ managed_ca_cert_name }}"
#   mode: "0750"
#   owner: root
#   group: www-data
#   ca:
#     host: inventory_name_of_ca_host
#     name: my-ca
#   key:
#     # 0640 with group www-data lets every process in that group read the
#     # private key; use the narrowest group and mode the consuming service
#     # allows.
#     mode: "0640"
#     owner: root
#     group: www-data
#     type: RSA
#     size: 4096
#   cert:
#     mode: "0644"
#     owner: root
#     group: www-data
#     common_name: foo
#     san_extra:
#       - "IP:192.0.2.1"
#     country_name: "AT"
#     locality_name: "Graz"
#     organization_name: "spreadspace"
#     organizational_unit_name: "ansible"
#     state_or_province_name: "Styria"
#     basic_constraints:
#       - "CA:FALSE"
#     basic_constraints_critical: false
#     key_usage:
#       - digitalSignature
#       - keyAgreement
#     key_usage_critical: true
#     extended_key_usage:
#       - serverAuth
#     extended_key_usage_critical: true
#     create_subject_key_identifier: true
#     digest: sha256
#     not_before: "+0h"
#     # +520w is roughly ten years; a shorter lifetime combined with the
#     # renew margin limits how long a leaked key stays usable.
#     not_after: "+520w"
#     renew_margin: "+42d"