Solved wildcard certificate for non-wildcard domains and network variable bug

This commit is contained in:
Kevin Veen-Birkenbach 2025-02-03 16:05:25 +01:00
parent b91a132407
commit 8e2c8360d4
4 changed files with 12 additions and 7 deletions


@ -1,6 +1,7 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/privkey.pem
ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}}
# Enable Webhooks
@ -41,12 +42,12 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
DOMAIN={{domain}}
EXTERNAL_IPv4={{{{networks.internet.ip4}}}}
EXTERNAL_IPv4={{networks.internet.ip4}}
EXTERNAL_IPv6=
# STUN SERVER
# stun.freeswitch.org
STUN_IP={{{{networks.internet.ip4}}}}
STUN_IP={{networks.internet.ip4}}
STUN_PORT=3478
# TURN SERVER
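Review bot: `primary_domain in domain` on the new `{% set ssl_cert_folder ... %}` line is a plain substring test, so it selects the shared certificate for hosts that certificate cannot cover: the certbot task in this commit requests `-d {{ primary_domain }} -d *.{{ primary_domain }}`, and a wildcard covers exactly one label, yet `a.b.example.com` still contains `example.com`, as does an unrelated `myexample.com`. Either case would leave coturn pointing at a certificate whose names do not match the host, which is unlikely to be caught before the TLS handshake fails. A check that mirrors what the wildcard actually covers would be `domain == primary_domain or (domain.endswith('.' ~ primary_domain) and domain.count('.') == primary_domain.count('.') + 1)`, ideally evaluated once in a variable rather than repeated in every template. The same substring condition is used in the nginx ssl template's `{% set ssl_cert_folder ... %}` line and in both `when:` lists of the certbot tasks (`- primary_domain in domain`), and those should use the same check. This hunk also writes `{{ssl_cert_folder}}` without the inner spaces the nginx template uses (`{{ ssl_cert_folder }}`); one spacing style should be used throughout.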


@ -1,7 +1,7 @@
matrix_servers:
hosts:
{{inventory_hostname}}:
ansible_host: "{{{{networks.internet.ip4}}}}"
ansible_host: "{{networks.internet.ip4}}"
ansible_ssh_user: administrator
become: true
become_user: root


@ -1,4 +1,4 @@
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all else domain %}
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
ssl_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ssl_cert_folder }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/chain.pem;


@ -10,7 +10,10 @@
certbot certonly --agree-tos --email {{ administrator_email }}
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
{{ '--test-cert' if mode_test | bool else '' }}
when: enable_one_letsencrypt_cert_for_all and run_once_recieve_certificate is not defined
when:
- enable_one_letsencrypt_cert_for_all
- primary_domain in domain
- run_once_recieve_certificate is not defined
- name: "Cleanup dedicated cert for {{ domain }}"
command: >-
@ -18,6 +21,7 @@
when:
- mode_cleanup
- enable_one_letsencrypt_cert_for_all
- primary_domain in domain
- domain != primary_domain
ignore_errors: true