--- selfsigned_cert_hostnames: "{{ x509_certificate_hostnames }}" selfsigned_cert_name: "{{ x509_certificate_name | default(selfsigned_cert_hostnames[0]) }}" selfsigned_cert_base_dir: "/etc/ssl" selfsigned_cert_default_renew_margin: "+30d" selfsigned_cert_config: "{{ x509_certificate_config }}" # selfsigned_cert_config: # path: "{{ selfsigned_cert_base_dir }}/{{ selfsigned_cert_name }}" # mode: "0750" # owner: root # group: www-data # key: # mode: "0640" # owner: root # group: www-data # type: RSA # size: 4096 # cert: # mode: "0644" # owner: root # group: www-data # common_name: foo # san_extra: # - "IP:192.0.2.1" # country_name: "AT" # locality_name: "Graz" # organization_name: "spreadspace" # organizational_unit_name: "ansible" # state_or_province_name: "Styria" # basic_constraints: # - "CA:TRUE" # - "pathLen:0" # basic_constraints_critical: no # key_usage: # - digitalSignature # - keyAgreement # key_usage_critical: yes # extended_key_usage: # - serverAuth # extended_key_usage_critical: yes # create_subject_key_identifier: yes # digest: sha256 # not_before: +0h # not_after: +520w # renew_margin: +42d