Renew service should not be limited on one domain

Certbot take care of all registred certificates by default. We should make use of it and not override this behaviour.
elan-ev · Aug 10, 2023 · a09ab4e · a09ab4e
1 parent 2262b12
commit a09ab4e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 30 deletions.
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 
-- name: Restart certbot
-  systemd:
+- name: Enable certbot
+  ansible.builtin.systemd:
     name: certbot-renew.timer
-    state: restarted
+    enabled: true
     daemon_reload: true
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -7,22 +7,20 @@
 - name: Install certbot package
   ansible.builtin.package:
     name: certbot
+  notify: Enable certbot
 
-- name: Install certbot services
-  ansible.builtin.template:
-    src: '{{ item }}'
-    dest: /etc/systemd/system/{{ item }}
-    mode: '0644'
+# This task should remove custom service definitions created by previous version of this role.
+# Certbot package come with a renew service definitions itself, why not using it?
+# It will renew all registred certificates by default and does not limit us on some domains.
+# You can remove this task on later versions.
+- name: Remove custom certbot services definition
+  ansible.builtin.file:
+    path: '/etc/systemd/system/{{ item }}'
+    state: absent
   loop:
     - certbot-renew.service
     - certbot-renew.timer
-  notify: Restart certbot
-
-- name: Start certbot service
-  ansible.builtin.service:
-    name: certbot-renew.timer
-    state: started
-    enabled: true
+  notify: Enable certbot
 
 - name: Generate initial certificate
   ansible.builtin.shell:

diff --git a/templates/certbot-renew.service b/templates/certbot-renew.service
diff --git a/templates/certbot-renew.timer b/templates/certbot-renew.timer