--- static_ca_cert_hostnames: "{{ x509_certificate_hostnames }}" static_ca_cert_name: "{{ x509_certificate_name | default(static_ca_cert_hostnames[0]) }}" static_ca_cert_base_dir: "/etc/ssl" static_ca_cert_default_renew_margin: "+30d" static_ca_cert_config: "{{ x509_certificate_config }}" # static_ca_cert_config: # path: "{{ static_ca_cert_base_dir }}/{{ static_ca_cert_name }}" # mode: "0750" # owner: root # group: www-data # ca: # key_content: | # -----BEGIN RSA PRIVATE KEY----- # ... # -----END RSA PRIVATE KEY----- # cert_content: | # -----BEGIN CERTIFICATE----- # ... # -----END CERTIFICATE----- # key: # mode: "0640" # owner: root # group: www-data # type: RSA # size: 4096 # cert: # mode: "0644" # owner: root # group: www-data # common_name: foo # san_extra: # - "IP:192.0.2.1" # country_name: "AT" # locality_name: "Graz" # organization_name: "spreadspace" # organizational_unit_name: "ansible" # state_or_province_name: "Styria" # basic_constraints: # - "CA:FALSE" # basic_constraints_critical: no # key_usage: # - digitalSignature # - keyAgreement # key_usage_critical: yes # extended_key_usage: # - serverAuth # extended_key_usage_critical: yes # create_subject_key_identifier: yes # digest: sha256 # not_before: +0h # not_after: +520w # renew_margin: +42d