From 8e2c8360d4e31e292858c56e91fe0307d10f4e4d Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Mon, 3 Feb 2025 16:05:25 +0100
Subject: [PATCH] Solved wildcard certificate for non-wildcard domains and network variable bug
---
 roles/docker-bigbluebutton/templates/env.j2 | 9 +++++----
 roles/docker-matrix-ansible/templates/hosts.yml.j2 | 2 +-
 roles/letsencrypt/templates/ssl_credentials.j2 | 2 +-
 tasks/recieve-certbot-certificate.yml | 6 +++++-
 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2
index 4e514a31..039e02e8 100644
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -1,6 +1,7 @@
 ENABLE_COTURN=true
-COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem
-COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem
+{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
+COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/fullchain.pem
+COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/privkey.pem
 ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}}
 # Enable Webhooks
@@ -41,12 +42,12 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
 DOMAIN={{domain}}
-EXTERNAL_IPv4={{{{networks.internet.ip4}}}}
+EXTERNAL_IPv4={{networks.internet.ip4}}
 EXTERNAL_IPv6=
 # STUN SERVER
 # stun.freeswitch.org
-STUN_IP={{{{networks.internet.ip4}}}}
+STUN_IP={{networks.internet.ip4}}
 STUN_PORT=3478
 # TURN SERVER
diff --git a/roles/docker-matrix-ansible/templates/hosts.yml.j2 b/roles/docker-matrix-ansible/templates/hosts.yml.j2
index d2347263..70742230 100644
--- a/roles/docker-matrix-ansible/templates/hosts.yml.j2
+++ b/roles/docker-matrix-ansible/templates/hosts.yml.j2
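Review bot: `primary_domain in domain` on the added `{% set ssl_cert_folder ... %}` line is a substring test, not a subdomain test, so a host such as `notexample.com` (with `primary_domain` set to `example.com`) resolves to the wildcard certificate directory although `*.example.com` does not cover it, and coturn is then started with a certificate for the wrong name. A wildcard also covers only one label, so `a.b.example.com` would be mis-assigned in the same way even with a proper suffix test. A safer expression is `domain == primary_domain or domain.endswith('.' ~ primary_domain)`, ideally computed once in a shared variable rather than repeated per template, with the single-label limit documented next to it. The same expression is added in roles/letsencrypt/templates/ssl_credentials.j2 and in both `when:` lists of tasks/recieve-certbot-certificate.yml, where a false positive in the cleanup task deletes a dedicated certificate that is still in use.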
@@ -1,7 +1,7 @@
 matrix_servers:
 hosts:
 {{inventory_hostname}}:
- ansible_host: "{{{{networks.internet.ip4}}}}"
+ ansible_host: "{{networks.internet.ip4}}"
 ansible_ssh_user: administrator
 become: true
 become_user: root
diff --git a/roles/letsencrypt/templates/ssl_credentials.j2 b/roles/letsencrypt/templates/ssl_credentials.j2
index 5ee8b4fb..e30c6592 100644
--- a/roles/letsencrypt/templates/ssl_credentials.j2
+++ b/roles/letsencrypt/templates/ssl_credentials.j2
@@ -1,4 +1,4 @@
-{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all else domain %}
+{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
 ssl_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/{{ ssl_cert_folder }}/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/chain.pem;
\ No newline at end of file
diff --git a/tasks/recieve-certbot-certificate.yml b/tasks/recieve-certbot-certificate.yml
index c8cd8fa5..f92b8387 100644
--- a/tasks/recieve-certbot-certificate.yml
+++ b/tasks/recieve-certbot-certificate.yml
@@ -10,7 +10,10 @@
 certbot certonly --agree-tos --email {{ administrator_email }} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }} {{ '--test-cert' if mode_test | bool else '' }}
- when: enable_one_letsencrypt_cert_for_all and run_once_recieve_certificate is not defined
+ when:
+ - enable_one_letsencrypt_cert_for_all
+ - primary_domain in domain
+ - run_once_recieve_certificate is not defined
 - name: "Cleanup dedicated cert for {{ domain }}"
 command: >-
@@ -18,6 +21,7 @@
 when:
 - mode_cleanup
 - enable_one_letsencrypt_cert_for_all
+ - primary_domain in domain
 - domain != primary_domain
 ignore_errors: true
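Review bot: The `certbot certonly` task that the new `when:` list gates still requests `-d *.{{ primary_domain }}` with `--webroot`, and Let's Encrypt issues wildcard names only through the DNS-01 challenge, so unless a DNS authenticator is configured outside this hunk the task fails before the added `primary_domain in domain` condition matters. If the dedicated-certificate task elsewhere in this file is still gated on `not enable_one_letsencrypt_cert_for_all` alone, a domain that does not satisfy the new condition now matches neither task and ends up with no certificate at all; that task's `when:` would need the complementary condition. The `command:` block scalar of this task begins before the hunk.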