Ensure there is no race between haproxy and certbot for initial cert
The certbot pre-hook is not used during initial setup of the cert, only during renewal. This means that the same race condition exists at initial configuration as renewal. This patch uses the same approach as used in the renewal pre-hook and applies it during initialisation of certbot. This fixes race condition related failures during initial provisioning of haproxy+letsencrypt.

Change-Id: Ica5ed5de24e3eb2fb5a743bb877d113ed0bb8a43
parent 6b60e51005
commit 5fba658296
|
@ -62,7 +62,10 @@
|
|||
when: haproxy_ssl_letsencrypt_install_method == 'distro'
|
||||
|
||||
- name: Create first time ssl cert with certbot
|
||||
command: >
|
||||
shell: >
|
||||
timeout {{ haproxy_ssl_letsencrypt_pre_hook_timeout }}
|
||||
python3 -m http.server {{ haproxy_ssl_letsencrypt_certbot_backend_port }}
|
||||
--bind {{ haproxy_ssl_letsencrypt_certbot_bind_address }} || true &&
|
||||
{{ haproxy_ssl_letsencrypt_certbot_binary }} certonly
|
||||
--standalone
|
||||
--agree-tos
|
||||
|
|
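Review bot: The `|| true` after the `timeout ... python3 -m http.server` stage in the new `shell:` body discards every non-zero exit, not only the 124 that `timeout` returns when it stops the server, so a placeholder server that never started (port already bound, `python3` missing) goes unnoticed and certbot then runs with the original race still in place. Consider accepting only the expected status, for example `timeout ... ; [ $? -eq 124 ] && {{ haproxy_ssl_letsencrypt_certbot_binary }} certonly ...`, and letting the task fail otherwise. Moving from `command:` to `shell:` also means the templated `haproxy_ssl_letsencrypt_*` values are now parsed by a shell, so passing them through the `quote` filter would keep a stray space or metacharacter in a variable from changing the command line. A short comment in the task explaining why a throwaway HTTP server runs before certbot would help the next reader.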