Solved wildcard certificate for non-wildcard domains and network variable bug

2025-03-31 14:24:16 +02:00 · 2025-02-03 16:05:25 +01:00 · 2025-02-03 16:05:25 +01:00 · 8e2c8360d4
commit 8e2c8360d4
parent b91a132407
4 changed files with 12 additions and 7 deletions
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@ -1,6 +1,7 @@
 ENABLE_COTURN=true
-COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem
-COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem
+{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
+COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/fullchain.pem
+COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/privkey.pem
 ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}}

 # Enable Webhooks
@ -41,12 +42,12 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}

 DOMAIN={{domain}}

-EXTERNAL_IPv4={{{{networks.internet.ip4}}}}
+EXTERNAL_IPv4={{networks.internet.ip4}}
 EXTERNAL_IPv6=

 # STUN SERVER
 # stun.freeswitch.org
-STUN_IP={{{{networks.internet.ip4}}}}
+STUN_IP={{networks.internet.ip4}}
 STUN_PORT=3478

 # TURN SERVER
--- a/roles/docker-matrix-ansible/templates/hosts.yml.j2
+++ b/roles/docker-matrix-ansible/templates/hosts.yml.j2
@ -1,7 +1,7 @@
 matrix_servers:
  hosts:
    {{inventory_hostname}}:
-      ansible_host: "{{{{networks.internet.ip4}}}}"
+      ansible_host: "{{networks.internet.ip4}}"
      ansible_ssh_user: administrator
      become: true
      become_user: root
--- a/roles/letsencrypt/templates/ssl_credentials.j2
+++ b/roles/letsencrypt/templates/ssl_credentials.j2
@ -1,4 +1,4 @@
-{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all else domain %}
+{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
 ssl_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/{{ ssl_cert_folder }}/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/chain.pem;
--- a/tasks/recieve-certbot-certificate.yml
+++ b/tasks/recieve-certbot-certificate.yml
@ -10,7 +10,10 @@
    certbot certonly --agree-tos --email {{ administrator_email }}
    --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
    {{ '--test-cert' if mode_test | bool else '' }}
-  when: enable_one_letsencrypt_cert_for_all and run_once_recieve_certificate is not defined
+  when: 
+    - enable_one_letsencrypt_cert_for_all
+    - primary_domain in domain
+    - run_once_recieve_certificate is not defined

 - name: "Cleanup dedicated cert for {{ domain }}"
  command: >-
@ -18,6 +21,7 @@
  when: 
    - mode_cleanup
    - enable_one_letsencrypt_cert_for_all
+    - primary_domain in domain
    - domain != primary_domain
  ignore_errors: true